fix: remove spanScopeSelector key to sync scope filters

* fix: maintenance ignores recurrence when fixed times also set

* send empty start/end dates in frontend for recurring windows

* handle zero start and end times in schedule

* Revert "send empty start/end dates in frontend for recurring windows"

This reverts commit 87bc3fae274ccfd9ce98aeae5ac379fadf657df3.

* Remove start and end time from recurrence

* fix display timezone

* remove redundant param `shouldKeepLocalTime`

* handle empty initial start time

* fix CI issues

* Revert "fix CI issues"

This reverts commit 772e6486bb03ec836ebdce436e820aa0d1defdda.

* Revert "handle empty initial start time"

This reverts commit 82e7c72a338b019dea57def1c61795ca749aacc0.

* Revert "remove redundant param `shouldKeepLocalTime`"

This reverts commit ed942426745b8b534cdc47dc8b885beef0d6c2f1.

* Revert "fix display timezone"

This reverts commit 9b2a61674e883f2b47f5bd52413e257ef6f861d3.

* Revert "Remove start and end time from recurrence"

This reverts commit ab0df8e22d6099772eec79af11d2453a9d95e157.

* Revert "Revert "send empty start/end dates in frontend for recurring windows""

This reverts commit 15a4166d3740877b601f16ba208dd3c291b387f2.

* Revert "handle zero start and end times in schedule"

This reverts commit 58a5aecb82f1aa4f8d5549e391f1f2c5c7574be2.

* Revert "send empty start/end dates in frontend for recurring windows"

This reverts commit 0470cc7a84f6e9f91cccd73d7841b884342031d4.

* log maintenance window for schedule-recurrence timestamp mismatch

---------

Co-authored-by: Srikanth Chekuri <srikanth.chekuri92@gmail.com>

cmd/authz.go

@@ -5,6 +5,7 @@ import (
 	"context"
 	"os"
 	"sort"
+	"strings"
 	"text/template"
 
 	"github.com/SigNoz/signoz/pkg/types/coretypes"
@@ -23,6 +24,7 @@ export default {
 			{
 				kind: '{{ .Kind }}',
 				type: '{{ .Type }}',
+{{ .FormattedAllowedVerbs }}
 			},
 {{- end }}
 		],
@@ -41,8 +43,9 @@ type permissionsTypeRelation struct {
 }
 
 type permissionsTypeResource struct {
-	Kind string
-	Type string
+	Kind                  string
+	Type                  string
+	FormattedAllowedVerbs string
 }
 
 type permissionsTypeData struct {
@@ -50,6 +53,30 @@ type permissionsTypeData struct {
 	Relations []permissionsTypeRelation
 }
 
+// formatAllowedVerbs returns a prettier-compatible formatted allowedVerbs line.
+// indentLevel is the number of tabs for the property (matching kind/type indent).
+// printWidth is prettier's printWidth; tabWidth is assumed to be 1 (each \t = 1 char).
+func formatAllowedVerbs(verbs []string, indentLevel int, printWidth int) string {
+	quoted := make([]string, len(verbs))
+	for i, v := range verbs {
+		quoted[i] = "'" + v + "'"
+	}
+	indent := strings.Repeat("\t", indentLevel)
+
+	oneLine := indent + "allowedVerbs: [" + strings.Join(quoted, ", ") + "],"
+	if len(oneLine) <= printWidth {
+		return oneLine
+	}
+
+	var b strings.Builder
+	b.WriteString(indent + "allowedVerbs: [\n")
+	for _, q := range quoted {
+		b.WriteString(indent + "\t" + q + ",\n")
+	}
+	b.WriteString(indent + "],")
+	return b.String()
+}
+
 func registerGenerateAuthz(parentCmd *cobra.Command) {
 	authzCmd := &cobra.Command{
 		Use:   "authz",
@@ -66,8 +93,8 @@ func runGenerateAuthz(_ context.Context) error {
 	registry := coretypes.NewRegistry()
 
 	allowedResources := map[string]bool{
-		coretypes.NewResourceRef(coretypes.ResourceServiceAccount).String():        true,
-		coretypes.NewResourceRef(coretypes.ResourceRole).String():                  true,
+		coretypes.NewResourceRef(coretypes.ResourceServiceAccount).String():           true,
+		coretypes.NewResourceRef(coretypes.ResourceRole).String():                     true,
 		coretypes.NewResourceRef(coretypes.ResourceMetaResourceFactorAPIKey).String(): true,
 	}
 
@@ -80,9 +107,23 @@ func runGenerateAuthz(_ context.Context) error {
 			continue
 		}
 		allowedTypes[ref.Type.StringValue()] = true
+
+		resource, err := coretypes.NewResourceFromTypeAndKind(ref.Type, ref.Kind)
+		if err != nil {
+			return err
+		}
+
+		verbs := resource.AllowedVerbs()
+		allowedVerbStrings := make([]string, 0, len(verbs))
+		for _, verb := range verbs {
+			allowedVerbStrings = append(allowedVerbStrings, verb.StringValue())
+		}
+		sort.Strings(allowedVerbStrings)
+
 		resources = append(resources, permissionsTypeResource{
-			Kind: ref.Kind.String(),
-			Type: ref.Type.StringValue(),
+			Kind:                  ref.Kind.String(),
+			Type:                  ref.Type.StringValue(),
+			FormattedAllowedVerbs: formatAllowedVerbs(allowedVerbStrings, 4, 80),
 		})
 	}
 

deploy/docker-swarm/docker-compose.ha.yaml

@@ -190,7 +190,7 @@ services:
       # - ../common/clickhouse/storage.xml:/etc/clickhouse-server/config.d/storage.xml
   signoz:
     !!merge <<: *db-depend
-    image: signoz/signoz:v0.122.0
+    image: signoz/signoz:v0.124.0
     ports:
       - "8080:8080" # signoz port
     #   - "6060:6060"     # pprof port

deploy/docker-swarm/docker-compose.yaml

@@ -117,7 +117,7 @@ services:
       # - ../common/clickhouse/storage.xml:/etc/clickhouse-server/config.d/storage.xml
   signoz:
     !!merge <<: *db-depend
-    image: signoz/signoz:v0.122.0
+    image: signoz/signoz:v0.124.0
     ports:
       - "8080:8080" # signoz port
     volumes:

deploy/docker/docker-compose.ha.yaml

@@ -181,7 +181,7 @@ services:
       # - ../common/clickhouse/storage.xml:/etc/clickhouse-server/config.d/storage.xml
   signoz:
     !!merge <<: *db-depend
-    image: signoz/signoz:${VERSION:-v0.122.0}
+    image: signoz/signoz:${VERSION:-v0.124.0}
     container_name: signoz
     ports:
       - "8080:8080" # signoz port

deploy/docker/docker-compose.yaml

@@ -109,7 +109,7 @@ services:
       # - ../common/clickhouse/storage.xml:/etc/clickhouse-server/config.d/storage.xml
   signoz:
     !!merge <<: *db-depend
-    image: signoz/signoz:${VERSION:-v0.122.0}
+    image: signoz/signoz:${VERSION:-v0.124.0}
     container_name: signoz
     ports:
       - "8080:8080" # signoz port

docs/api/openapi.yml

@@ -2580,6 +2580,76 @@ components:
       - requiredMetricsCheck
       - endTimeBeforeRetention
       type: object
+    InframonitoringtypesDaemonSetRecord:
+      properties:
+        currentNodes:
+          type: integer
+        daemonSetCPU:
+          format: double
+          type: number
+        daemonSetCPULimit:
+          format: double
+          type: number
+        daemonSetCPURequest:
+          format: double
+          type: number
+        daemonSetMemory:
+          format: double
+          type: number
+        daemonSetMemoryLimit:
+          format: double
+          type: number
+        daemonSetMemoryRequest:
+          format: double
+          type: number
+        daemonSetName:
+          type: string
+        desiredNodes:
+          type: integer
+        meta:
+          additionalProperties:
+            type: string
+          nullable: true
+          type: object
+        podCountsByPhase:
+          $ref: '#/components/schemas/InframonitoringtypesPodCountsByPhase'
+      required:
+      - daemonSetName
+      - daemonSetCPU
+      - daemonSetCPURequest
+      - daemonSetCPULimit
+      - daemonSetMemory
+      - daemonSetMemoryRequest
+      - daemonSetMemoryLimit
+      - desiredNodes
+      - currentNodes
+      - podCountsByPhase
+      - meta
+      type: object
+    InframonitoringtypesDaemonSets:
+      properties:
+        endTimeBeforeRetention:
+          type: boolean
+        records:
+          items:
+            $ref: '#/components/schemas/InframonitoringtypesDaemonSetRecord'
+          nullable: true
+          type: array
+        requiredMetricsCheck:
+          $ref: '#/components/schemas/InframonitoringtypesRequiredMetricsCheck'
+        total:
+          type: integer
+        type:
+          $ref: '#/components/schemas/InframonitoringtypesResponseType'
+        warning:
+          $ref: '#/components/schemas/Querybuildertypesv5QueryWarnData'
+      required:
+      - type
+      - records
+      - total
+      - requiredMetricsCheck
+      - endTimeBeforeRetention
+      type: object
     InframonitoringtypesDeploymentRecord:
       properties:
         availablePods:
@@ -3056,6 +3126,32 @@ components:
       - end
       - limit
       type: object
+    InframonitoringtypesPostableDaemonSets:
+      properties:
+        end:
+          format: int64
+          type: integer
+        filter:
+          $ref: '#/components/schemas/Querybuildertypesv5Filter'
+        groupBy:
+          items:
+            $ref: '#/components/schemas/Querybuildertypesv5GroupByKey'
+          nullable: true
+          type: array
+        limit:
+          type: integer
+        offset:
+          type: integer
+        orderBy:
+          $ref: '#/components/schemas/Querybuildertypesv5OrderBy'
+        start:
+          format: int64
+          type: integer
+      required:
+      - start
+      - end
+      - limit
+      type: object
     InframonitoringtypesPostableDeployments:
       properties:
         end:
@@ -12275,6 +12371,83 @@ paths:
       summary: List Clusters for Infra Monitoring
       tags:
       - inframonitoring
+  /api/v2/infra_monitoring/daemonsets:
+    post:
+      deprecated: false
+      description: 'Returns a paginated list of Kubernetes DaemonSets with key aggregated
+        pod metrics: CPU usage and memory working set summed across pods owned by
+        the daemonset, plus average CPU/memory request and limit utilization (daemonSetCPURequest,
+        daemonSetCPULimit, daemonSetMemoryRequest, daemonSetMemoryLimit). Each row
+        also reports the latest known node-level counters from kube-state-metrics:
+        desiredNodes (k8s.daemonset.desired_scheduled_nodes, the number of nodes the
+        daemonset wants to run on) and currentNodes (k8s.daemonset.current_scheduled_nodes,
+        the number of nodes the daemonset currently runs on) — note these are node
+        counts, not pod counts. It also reports per-group podCountsByPhase ({ pending,
+        running, succeeded, failed, unknown } from each pod''s latest k8s.pod.phase
+        value). Each daemonset includes metadata attributes (k8s.daemonset.name, k8s.namespace.name,
+        k8s.cluster.name). The response type is ''list'' for the default k8s.daemonset.name
+        grouping or ''grouped_list'' for custom groupBy keys; in both modes every
+        row aggregates pods owned by daemonsets in the group. Supports filtering via
+        a filter expression, custom groupBy, ordering by cpu / cpu_request / cpu_limit
+        / memory / memory_request / memory_limit / desired_nodes / current_nodes,
+        and pagination via offset/limit. Also reports missing required metrics and
+        whether the requested time range falls before the data retention boundary.
+        Numeric metric fields (daemonSetCPU, daemonSetCPURequest, daemonSetCPULimit,
+        daemonSetMemory, daemonSetMemoryRequest, daemonSetMemoryLimit, desiredNodes,
+        currentNodes) return -1 as a sentinel when no data is available for that field.'
+      operationId: ListDaemonSets
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/InframonitoringtypesPostableDaemonSets'
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                properties:
+                  data:
+                    $ref: '#/components/schemas/InframonitoringtypesDaemonSets'
+                  status:
+                    type: string
+                required:
+                - status
+                - data
+                type: object
+          description: OK
+        "400":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Bad Request
+        "401":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Unauthorized
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Forbidden
+        "500":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Internal Server Error
+      security:
+      - api_key:
+        - VIEWER
+      - tokenizer:
+        - VIEWER
+      summary: List DaemonSets for Infra Monitoring
+      tags:
+      - inframonitoring
   /api/v2/infra_monitoring/deployments:
     post:
       deprecated: false

ee/authz/openfgaschema/base.fga

@@ -54,6 +54,9 @@ type metaresource
     define update: [user, serviceaccount, role#assignee]
     define delete: [user, serviceaccount, role#assignee]
 
+    define attach: [user, serviceaccount, role#assignee]
+    define detach: [user, serviceaccount, role#assignee]
+
     define block: [user, serviceaccount, role#assignee]
 
 

ee/query-service/app/api/featureFlags.go

@@ -80,6 +80,15 @@ func (ah *APIHandler) getFeatureFlags(w http.ResponseWriter, r *http.Request) {
 		Route:      "",
 	})
 
+	fineGrainedAuthz := ah.Signoz.Flagger.BooleanOrEmpty(ctx, flagger.FeatureUseFineGrainedAuthz, evalCtx)
+	featureSet = append(featureSet, &licensetypes.Feature{
+		Name:       valuer.NewString(flagger.FeatureUseFineGrainedAuthz.String()),
+		Active:     fineGrainedAuthz,
+		Usage:      0,
+		UsageLimit: -1,
+		Route:      "",
+	})
+
 	if constants.IsDotMetricsEnabled {
 		for idx, feature := range featureSet {
 			if feature.Name == licensetypes.DotMetricsEnabled {

frontend/orval.config.ts

@@ -10,6 +10,13 @@ export default defineConfig({
 	signoz: {
 		input: {
 			target: '../docs/api/openapi.yml',
+			// Perses' `common.JSONRef` (used by `DashboardGridItem.content`) has a
+			// field tagged `json:"$ref"`, so our spec contains a property literally
+			// named `$ref`.
+			// Orval v8's validator (`@scalar/openapi-parser`) treats every `$ref` key
+			// as a JSON Reference and aborts with `INVALID_REFERENCE` when the value isn't a URI string.
+			// Safe to disable: yes, the spec is generated by `cmd/openapi.go` and gated by backend CI, not hand-edited.
+			unsafeDisableValidation: true,
 		},
 		output: {
 			target: './src/api/generated/services',

frontend/src/AppRoutes/routes.ts

@@ -144,18 +144,18 @@ const routes: AppRoutes[] = [
 	// /trace-old serves V3 (URL-only access). Flip the two `component`
 	// values back to release V3.
 	{
-		path: ROUTES.TRACE_DETAIL,
+		path: ROUTES.TRACE_DETAIL_OLD,
 		exact: true,
 		component: TraceDetail,
 		isPrivate: true,
-		key: 'TRACE_DETAIL',
+		key: 'TRACE_DETAIL_OLD',
 	},
 	{
-		path: ROUTES.TRACE_DETAIL_OLD,
+		path: ROUTES.TRACE_DETAIL,
 		exact: true,
 		component: TraceDetailV3,
 		isPrivate: true,
-		key: 'TRACE_DETAIL_OLD',
+		key: 'TRACE_DETAIL',
 	},
 	{
 		path: ROUTES.SETTINGS,

frontend/src/__tests__/query_range_v5.util.ts

@@ -0,0 +1,271 @@
+import { ENVIRONMENT } from 'constants/env';
+import { server } from 'mocks-server/server';
+import { rest, RestRequest } from 'msw';
+import { MetricRangePayloadV5 } from 'types/api/v5/queryRange';
+
+const QUERY_RANGE_URL = `${ENVIRONMENT.baseURL}/api/v5/query_range`;
+
+export type MockLogsOptions = {
+	offset?: number;
+	pageSize?: number;
+	hasMore?: boolean;
+	delay?: number;
+	onReceiveRequest?: (
+		req: RestRequest,
+	) =>
+		| undefined
+		| void
+		| Omit<MockLogsOptions, 'onReceiveRequest'>
+		| Promise<Omit<MockLogsOptions, 'onReceiveRequest'>>
+		| Promise<void>;
+};
+
+const createLogsResponse = ({
+	offset = 0,
+	pageSize = 100,
+	hasMore = true,
+}: MockLogsOptions): MetricRangePayloadV5 => {
+	const itemsForThisPage = hasMore ? pageSize : pageSize / 2;
+
+	return {
+		data: {
+			type: 'raw',
+			data: {
+				results: [
+					{
+						queryName: 'A',
+						rows: Array.from({ length: itemsForThisPage }, (_, index) => {
+							const cumulativeIndex = offset + index;
+							const baseTimestamp = new Date('2024-02-15T21:20:22Z').getTime();
+							const currentTimestamp = new Date(
+								baseTimestamp - cumulativeIndex * 1000,
+							);
+							const timestampString = currentTimestamp.toISOString();
+							const id = `log-id-${cumulativeIndex}`;
+							const logLevel = ['INFO', 'WARN', 'ERROR'][cumulativeIndex % 3];
+							const service = ['frontend', 'backend', 'database'][cumulativeIndex % 3];
+
+							return {
+								timestamp: timestampString,
+								data: {
+									attributes_bool: {},
+									attributes_float64: {},
+									attributes_int64: {},
+									attributes_string: {
+										host_name: 'test-host',
+										log_level: logLevel,
+										service,
+									},
+									body: `${timestampString} ${logLevel} ${service} Log message ${cumulativeIndex}`,
+									id,
+									resources_string: {
+										'host.name': 'test-host',
+									},
+									severity_number: [9, 13, 17][cumulativeIndex % 3],
+									severity_text: logLevel,
+									span_id: `span-${cumulativeIndex}`,
+									trace_flags: 0,
+									trace_id: `trace-${cumulativeIndex}`,
+								},
+							};
+						}),
+					},
+				],
+			},
+			meta: {
+				bytesScanned: 0,
+				durationMs: 0,
+				rowsScanned: 0,
+				stepIntervals: {},
+			},
+		},
+	};
+};
+
+export function mockQueryRangeV5WithLogsResponse({
+	hasMore = true,
+	offset = 0,
+	pageSize = 100,
+	delay = 0,
+	onReceiveRequest,
+}: MockLogsOptions = {}): void {
+	server.use(
+		rest.post(QUERY_RANGE_URL, async (req, res, ctx) =>
+			res(
+				...(delay ? [ctx.delay(delay)] : []),
+				ctx.status(200),
+				ctx.json(
+					createLogsResponse(
+						(await onReceiveRequest?.(req)) ?? {
+							hasMore,
+							pageSize,
+							offset,
+						},
+					),
+				),
+			),
+		),
+	);
+}
+
+export function mockQueryRangeV5WithError(
+	error: string,
+	statusCode = 500,
+): void {
+	server.use(
+		rest.post(QUERY_RANGE_URL, (_, res, ctx) =>
+			res(
+				ctx.status(statusCode),
+				ctx.json({
+					error,
+				}),
+			),
+		),
+	);
+}
+
+export type MockEventsOptions = {
+	offset?: number;
+	pageSize?: number;
+	hasMore?: boolean;
+	delay?: number;
+	onReceiveRequest?: (
+		req: RestRequest,
+	) =>
+		| undefined
+		| void
+		| Omit<MockEventsOptions, 'onReceiveRequest'>
+		| Promise<Omit<MockEventsOptions, 'onReceiveRequest'>>
+		| Promise<void>;
+};
+
+const createEventsResponse = ({
+	offset = 0,
+	pageSize = 10,
+	hasMore = true,
+}: MockEventsOptions): MetricRangePayloadV5 => {
+	const itemsForThisPage = hasMore ? pageSize : Math.ceil(pageSize / 2);
+
+	const eventReasons = [
+		'BackoffLimitExceeded',
+		'SuccessfulCreate',
+		'Pulled',
+		'Created',
+		'Started',
+		'Killing',
+	];
+	const severityTexts = ['Warning', 'Normal'];
+	const severityNumbers = [13, 9];
+	const objectKinds = ['Job', 'Pod', 'Deployment', 'ReplicaSet'];
+	const eventBodies = [
+		'Job has reached the specified backoff limit',
+		'Created pod: demo-pod',
+		'Successfully pulled image',
+		'Created container',
+		'Started container',
+		'Stopping container',
+	];
+
+	return {
+		data: {
+			type: 'raw',
+			data: {
+				results: [
+					{
+						queryName: 'A',
+						nextCursor: hasMore ? 'next-cursor-token' : '',
+						rows: Array.from({ length: itemsForThisPage }, (_, index) => {
+							const cumulativeIndex = offset + index;
+							const baseTimestamp = new Date('2026-04-21T17:54:33Z').getTime();
+							const currentTimestamp = new Date(
+								baseTimestamp - cumulativeIndex * 60000,
+							);
+							const timestampString = currentTimestamp.toISOString();
+							const id = `event-id-${cumulativeIndex}`;
+							const severityIndex = cumulativeIndex % 2;
+							const reasonIndex = cumulativeIndex % eventReasons.length;
+							const kindIndex = cumulativeIndex % objectKinds.length;
+
+							return {
+								timestamp: timestampString,
+								data: {
+									attributes_bool: {},
+									attributes_number: {
+										'k8s.event.count': 1,
+									},
+									attributes_string: {
+										'k8s.event.action': '',
+										'k8s.event.name': `demo-event-${cumulativeIndex}.${Math.random()
+											.toString(36)
+											.substring(7)}`,
+										'k8s.event.reason': eventReasons[reasonIndex],
+										'k8s.event.start_time': `${currentTimestamp.toISOString()} +0000 UTC`,
+										'k8s.event.uid': `uid-${cumulativeIndex}`,
+										'k8s.namespace.name': 'demo-apps',
+									},
+									body: eventBodies[reasonIndex],
+									id,
+									resources_string: {
+										'k8s.cluster.name': 'signoz-test',
+										'k8s.node.name': '',
+										'k8s.object.api_version': 'batch/v1',
+										'k8s.object.fieldpath': '',
+										'k8s.object.kind': objectKinds[kindIndex],
+										'k8s.object.name': `demo-object-${cumulativeIndex}`,
+										'k8s.object.resource_version': `${462900 + cumulativeIndex}`,
+										'k8s.object.uid': `object-uid-${cumulativeIndex}`,
+										'signoz.component': 'otel-deployment',
+									},
+									scope_name:
+										'github.com/open-telemetry/opentelemetry-collector-contrib/receiver/k8seventsreceiver',
+									scope_string: {},
+									scope_version: '0.139.0',
+									severity_number: severityNumbers[severityIndex],
+									severity_text: severityTexts[severityIndex],
+									span_id: '',
+									timestamp: currentTimestamp.getTime() * 1000000,
+									trace_flags: 0,
+									trace_id: '',
+								},
+							};
+						}),
+					},
+				],
+			},
+			meta: {
+				bytesScanned: 9682976,
+				durationMs: 295,
+				rowsScanned: 34198,
+				stepIntervals: {
+					A: 170,
+				},
+			},
+		},
+	};
+};
+
+export function mockQueryRangeV5WithEventsResponse({
+	hasMore = true,
+	offset = 0,
+	pageSize = 10,
+	delay = 0,
+	onReceiveRequest,
+}: MockEventsOptions = {}): void {
+	server.use(
+		rest.post(QUERY_RANGE_URL, async (req, res, ctx) =>
+			res(
+				...(delay ? [ctx.delay(delay)] : []),
+				ctx.status(200),
+				ctx.json(
+					createEventsResponse(
+						(await onReceiveRequest?.(req)) ?? {
+							hasMore,
+							pageSize,
+							offset,
+						},
+					),
+				),
+			),
+		),
+	);
+}

frontend/src/api/generated/services/alerts/index.ts

@@ -3,7 +3,6 @@
  * * The file has been auto-generated using Orval for SigNoz
  * * regenerate with 'pnpm generate:api'
  * SigNoz
- * OpenAPI spec version: 0.0.1
  */
 import { useQuery } from 'react-query';
 import type {

frontend/src/api/generated/services/authdomains/index.ts

@@ -3,7 +3,6 @@
  * * The file has been auto-generated using Orval for SigNoz
  * * regenerate with 'pnpm generate:api'
  * SigNoz
- * OpenAPI spec version: 0.0.1
  */
 import { useMutation, useQuery } from 'react-query';
 import type {

frontend/src/api/generated/services/authz/index.ts

@@ -3,7 +3,6 @@
  * * The file has been auto-generated using Orval for SigNoz
  * * regenerate with 'pnpm generate:api'
  * SigNoz
- * OpenAPI spec version: 0.0.1
  */
 import { useMutation } from 'react-query';
 import type {

frontend/src/api/generated/services/channels/index.ts

@@ -3,7 +3,6 @@
  * * The file has been auto-generated using Orval for SigNoz
  * * regenerate with 'pnpm generate:api'
  * SigNoz
- * OpenAPI spec version: 0.0.1
  */
 import { useMutation, useQuery } from 'react-query';
 import type {

frontend/src/api/generated/services/cloudintegration/index.ts

@@ -3,7 +3,6 @@
  * * The file has been auto-generated using Orval for SigNoz
  * * regenerate with 'pnpm generate:api'
  * SigNoz
- * OpenAPI spec version: 0.0.1
  */
 import { useMutation, useQuery } from 'react-query';
 import type {

frontend/src/api/generated/services/dashboard/index.ts

@@ -3,7 +3,6 @@
  * * The file has been auto-generated using Orval for SigNoz
  * * regenerate with 'pnpm generate:api'
  * SigNoz
- * OpenAPI spec version: 0.0.1
  */
 import { useMutation, useQuery } from 'react-query';
 import type {

frontend/src/api/generated/services/downtimeschedules/index.ts

@@ -3,7 +3,6 @@
  * * The file has been auto-generated using Orval for SigNoz
  * * regenerate with 'pnpm generate:api'
  * SigNoz
- * OpenAPI spec version: 0.0.1
  */
 import { useMutation, useQuery } from 'react-query';
 import type {

frontend/src/api/generated/services/features/index.ts

@@ -3,7 +3,6 @@
  * * The file has been auto-generated using Orval for SigNoz
  * * regenerate with 'pnpm generate:api'
  * SigNoz
- * OpenAPI spec version: 0.0.1
  */
 import { useQuery } from 'react-query';
 import type {

frontend/src/api/generated/services/fields/index.ts

@@ -3,7 +3,6 @@
  * * The file has been auto-generated using Orval for SigNoz
  * * regenerate with 'pnpm generate:api'
  * SigNoz
- * OpenAPI spec version: 0.0.1
  */
 import { useQuery } from 'react-query';
 import type {

frontend/src/api/generated/services/gateway/index.ts

@@ -3,7 +3,6 @@
  * * The file has been auto-generated using Orval for SigNoz
  * * regenerate with 'pnpm generate:api'
  * SigNoz
- * OpenAPI spec version: 0.0.1
  */
 import { useMutation, useQuery } from 'react-query';
 import type {

frontend/src/api/generated/services/global/index.ts

@@ -3,7 +3,6 @@
  * * The file has been auto-generated using Orval for SigNoz
  * * regenerate with 'pnpm generate:api'
  * SigNoz
- * OpenAPI spec version: 0.0.1
  */
 import { useQuery } from 'react-query';
 import type {

frontend/src/api/generated/services/health/index.ts

@@ -3,7 +3,6 @@
  * * The file has been auto-generated using Orval for SigNoz
  * * regenerate with 'pnpm generate:api'
  * SigNoz
- * OpenAPI spec version: 0.0.1
  */
 import { useQuery } from 'react-query';
 import type {

frontend/src/api/generated/services/inframonitoring/index.ts

@@ -3,7 +3,6 @@
  * * The file has been auto-generated using Orval for SigNoz
  * * regenerate with 'pnpm generate:api'
  * SigNoz
- * OpenAPI spec version: 0.0.1
  */
 import { useMutation } from 'react-query';
 import type {
@@ -14,6 +13,7 @@ import type {
 
 import type {
 	InframonitoringtypesPostableClustersDTO,
+	InframonitoringtypesPostableDaemonSetsDTO,
 	InframonitoringtypesPostableDeploymentsDTO,
 	InframonitoringtypesPostableHostsDTO,
 	InframonitoringtypesPostableJobsDTO,
@@ -23,6 +23,7 @@ import type {
 	InframonitoringtypesPostableStatefulSetsDTO,
 	InframonitoringtypesPostableVolumesDTO,
 	ListClusters200,
+	ListDaemonSets200,
 	ListDeployments200,
 	ListHosts200,
 	ListJobs200,
@@ -120,6 +121,89 @@ export const useListClusters = <
 > => {
 	return useMutation(getListClustersMutationOptions(options));
 };
+/**
+ * Returns a paginated list of Kubernetes DaemonSets with key aggregated pod metrics: CPU usage and memory working set summed across pods owned by the daemonset, plus average CPU/memory request and limit utilization (daemonSetCPURequest, daemonSetCPULimit, daemonSetMemoryRequest, daemonSetMemoryLimit). Each row also reports the latest known node-level counters from kube-state-metrics: desiredNodes (k8s.daemonset.desired_scheduled_nodes, the number of nodes the daemonset wants to run on) and currentNodes (k8s.daemonset.current_scheduled_nodes, the number of nodes the daemonset currently runs on) — note these are node counts, not pod counts. It also reports per-group podCountsByPhase ({ pending, running, succeeded, failed, unknown } from each pod's latest k8s.pod.phase value). Each daemonset includes metadata attributes (k8s.daemonset.name, k8s.namespace.name, k8s.cluster.name). The response type is 'list' for the default k8s.daemonset.name grouping or 'grouped_list' for custom groupBy keys; in both modes every row aggregates pods owned by daemonsets in the group. Supports filtering via a filter expression, custom groupBy, ordering by cpu / cpu_request / cpu_limit / memory / memory_request / memory_limit / desired_nodes / current_nodes, and pagination via offset/limit. Also reports missing required metrics and whether the requested time range falls before the data retention boundary. Numeric metric fields (daemonSetCPU, daemonSetCPURequest, daemonSetCPULimit, daemonSetMemory, daemonSetMemoryRequest, daemonSetMemoryLimit, desiredNodes, currentNodes) return -1 as a sentinel when no data is available for that field.
+ * @summary List DaemonSets for Infra Monitoring
+ */
+export const listDaemonSets = (
+	inframonitoringtypesPostableDaemonSetsDTO?: BodyType<InframonitoringtypesPostableDaemonSetsDTO>,
+	signal?: AbortSignal,
+) => {
+	return GeneratedAPIInstance<ListDaemonSets200>({
+		url: `/api/v2/infra_monitoring/daemonsets`,
+		method: 'POST',
+		headers: { 'Content-Type': 'application/json' },
+		data: inframonitoringtypesPostableDaemonSetsDTO,
+		signal,
+	});
+};
+
+export const getListDaemonSetsMutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof listDaemonSets>>,
+		TError,
+		{ data?: BodyType<InframonitoringtypesPostableDaemonSetsDTO> },
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof listDaemonSets>>,
+	TError,
+	{ data?: BodyType<InframonitoringtypesPostableDaemonSetsDTO> },
+	TContext
+> => {
+	const mutationKey = ['listDaemonSets'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+			'mutationKey' in options.mutation &&
+			options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof listDaemonSets>>,
+		{ data?: BodyType<InframonitoringtypesPostableDaemonSetsDTO> }
+	> = (props) => {
+		const { data } = props ?? {};
+
+		return listDaemonSets(data);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type ListDaemonSetsMutationResult = NonNullable<
+	Awaited<ReturnType<typeof listDaemonSets>>
+>;
+export type ListDaemonSetsMutationBody =
+	| BodyType<InframonitoringtypesPostableDaemonSetsDTO>
+	| undefined;
+export type ListDaemonSetsMutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary List DaemonSets for Infra Monitoring
+ */
+export const useListDaemonSets = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof listDaemonSets>>,
+		TError,
+		{ data?: BodyType<InframonitoringtypesPostableDaemonSetsDTO> },
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof listDaemonSets>>,
+	TError,
+	{ data?: BodyType<InframonitoringtypesPostableDaemonSetsDTO> },
+	TContext
+> => {
+	return useMutation(getListDaemonSetsMutationOptions(options));
+};
 /**
  * Returns a paginated list of Kubernetes Deployments with key aggregated pod metrics: CPU usage and memory working set summed across pods owned by the deployment, plus average CPU/memory request and limit utilization (deploymentCPURequest, deploymentCPULimit, deploymentMemoryRequest, deploymentMemoryLimit). Each row also reports the latest known desiredPods (k8s.deployment.desired) and availablePods (k8s.deployment.available) replica counts and per-group podCountsByPhase ({ pending, running, succeeded, failed, unknown } from each pod's latest k8s.pod.phase value). Each deployment includes metadata attributes (k8s.deployment.name, k8s.namespace.name, k8s.cluster.name). The response type is 'list' for the default k8s.deployment.name grouping or 'grouped_list' for custom groupBy keys; in both modes every row aggregates pods owned by deployments in the group. Supports filtering via a filter expression, custom groupBy, ordering by cpu / cpu_request / cpu_limit / memory / memory_request / memory_limit / desired_pods / available_pods, and pagination via offset/limit. Also reports missing required metrics and whether the requested time range falls before the data retention boundary. Numeric metric fields (deploymentCPU, deploymentCPURequest, deploymentCPULimit, deploymentMemory, deploymentMemoryRequest, deploymentMemoryLimit, desiredPods, availablePods) return -1 as a sentinel when no data is available for that field.
  * @summary List Deployments for Infra Monitoring

frontend/src/api/generated/services/llmpricingrules/index.ts

@@ -3,7 +3,6 @@
  * * The file has been auto-generated using Orval for SigNoz
  * * regenerate with 'pnpm generate:api'
  * SigNoz
- * OpenAPI spec version: 0.0.1
  */
 import { useMutation, useQuery } from 'react-query';
 import type {

frontend/src/api/generated/services/logs/index.ts

@@ -3,7 +3,6 @@
  * * The file has been auto-generated using Orval for SigNoz
  * * regenerate with 'pnpm generate:api'
  * SigNoz
- * OpenAPI spec version: 0.0.1
  */
 import { useMutation, useQuery } from 'react-query';
 import type {

frontend/src/api/generated/services/metrics/index.ts

@@ -3,7 +3,6 @@
  * * The file has been auto-generated using Orval for SigNoz
  * * regenerate with 'pnpm generate:api'
  * SigNoz
- * OpenAPI spec version: 0.0.1
  */
 import { useMutation, useQuery } from 'react-query';
 import type {

frontend/src/api/generated/services/orgs/index.ts

@@ -3,7 +3,6 @@
  * * The file has been auto-generated using Orval for SigNoz
  * * regenerate with 'pnpm generate:api'
  * SigNoz
- * OpenAPI spec version: 0.0.1
  */
 import { useMutation, useQuery } from 'react-query';
 import type {

frontend/src/api/generated/services/preferences/index.ts

@@ -3,7 +3,6 @@
  * * The file has been auto-generated using Orval for SigNoz
  * * regenerate with 'pnpm generate:api'
  * SigNoz
- * OpenAPI spec version: 0.0.1
  */
 import { useMutation, useQuery } from 'react-query';
 import type {

frontend/src/api/generated/services/querier/index.ts

@@ -3,7 +3,6 @@
  * * The file has been auto-generated using Orval for SigNoz
  * * regenerate with 'pnpm generate:api'
  * SigNoz
- * OpenAPI spec version: 0.0.1
  */
 import { useMutation } from 'react-query';
 import type {

frontend/src/api/generated/services/role/index.ts

@@ -3,7 +3,6 @@
  * * The file has been auto-generated using Orval for SigNoz
  * * regenerate with 'pnpm generate:api'
  * SigNoz
- * OpenAPI spec version: 0.0.1
  */
 import { useMutation, useQuery } from 'react-query';
 import type {

frontend/src/api/generated/services/routepolicies/index.ts

@@ -3,7 +3,6 @@
  * * The file has been auto-generated using Orval for SigNoz
  * * regenerate with 'pnpm generate:api'
  * SigNoz
- * OpenAPI spec version: 0.0.1
  */
 import { useMutation, useQuery } from 'react-query';
 import type {

frontend/src/api/generated/services/rules/index.ts

@@ -3,7 +3,6 @@
  * * The file has been auto-generated using Orval for SigNoz
  * * regenerate with 'pnpm generate:api'
  * SigNoz
- * OpenAPI spec version: 0.0.1
  */
 import { useMutation, useQuery } from 'react-query';
 import type {

frontend/src/api/generated/services/serviceaccount/index.ts

@@ -3,7 +3,6 @@
  * * The file has been auto-generated using Orval for SigNoz
  * * regenerate with 'pnpm generate:api'
  * SigNoz
- * OpenAPI spec version: 0.0.1
  */
 import { useMutation, useQuery } from 'react-query';
 import type {

frontend/src/api/generated/services/sessions/index.ts

@@ -3,7 +3,6 @@
  * * The file has been auto-generated using Orval for SigNoz
  * * regenerate with 'pnpm generate:api'
  * SigNoz
- * OpenAPI spec version: 0.0.1
  */
 import { useMutation, useQuery } from 'react-query';
 import type {

frontend/src/api/generated/services/sigNoz.schemas.ts

@@ -3,7 +3,6 @@
  * * The file has been auto-generated using Orval for SigNoz
  * * regenerate with 'pnpm generate:api'
  * SigNoz
- * OpenAPI spec version: 0.0.1
  */
 export interface AlertmanagertypesChannelDTO {
 	/**
@@ -3376,6 +3375,84 @@ export interface InframonitoringtypesClustersDTO {
 	warning?: Querybuildertypesv5QueryWarnDataDTO;
 }
 
+export type InframonitoringtypesDaemonSetRecordDTOMetaAnyOf = {
+	[key: string]: string;
+};
+
+/**
+ * @nullable
+ */
+export type InframonitoringtypesDaemonSetRecordDTOMeta =
+	InframonitoringtypesDaemonSetRecordDTOMetaAnyOf | null;
+
+export interface InframonitoringtypesDaemonSetRecordDTO {
+	/**
+	 * @type integer
+	 */
+	currentNodes: number;
+	/**
+	 * @type number
+	 * @format double
+	 */
+	daemonSetCPU: number;
+	/**
+	 * @type number
+	 * @format double
+	 */
+	daemonSetCPULimit: number;
+	/**
+	 * @type number
+	 * @format double
+	 */
+	daemonSetCPURequest: number;
+	/**
+	 * @type number
+	 * @format double
+	 */
+	daemonSetMemory: number;
+	/**
+	 * @type number
+	 * @format double
+	 */
+	daemonSetMemoryLimit: number;
+	/**
+	 * @type number
+	 * @format double
+	 */
+	daemonSetMemoryRequest: number;
+	/**
+	 * @type string
+	 */
+	daemonSetName: string;
+	/**
+	 * @type integer
+	 */
+	desiredNodes: number;
+	/**
+	 * @type object,null
+	 */
+	meta: InframonitoringtypesDaemonSetRecordDTOMeta;
+	podCountsByPhase: InframonitoringtypesPodCountsByPhaseDTO;
+}
+
+export interface InframonitoringtypesDaemonSetsDTO {
+	/**
+	 * @type boolean
+	 */
+	endTimeBeforeRetention: boolean;
+	/**
+	 * @type array,null
+	 */
+	records: InframonitoringtypesDaemonSetRecordDTO[] | null;
+	requiredMetricsCheck: InframonitoringtypesRequiredMetricsCheckDTO;
+	/**
+	 * @type integer
+	 */
+	total: number;
+	type: InframonitoringtypesResponseTypeDTO;
+	warning?: Querybuildertypesv5QueryWarnDataDTO;
+}
+
 export type InframonitoringtypesDeploymentRecordDTOMetaAnyOf = {
 	[key: string]: string;
 };
@@ -3926,6 +4003,33 @@ export interface InframonitoringtypesPostableClustersDTO {
 	start: number;
 }
 
+export interface InframonitoringtypesPostableDaemonSetsDTO {
+	/**
+	 * @type integer
+	 * @format int64
+	 */
+	end: number;
+	filter?: Querybuildertypesv5FilterDTO;
+	/**
+	 * @type array,null
+	 */
+	groupBy?: Querybuildertypesv5GroupByKeyDTO[] | null;
+	/**
+	 * @type integer
+	 */
+	limit: number;
+	/**
+	 * @type integer
+	 */
+	offset?: number;
+	orderBy?: Querybuildertypesv5OrderByDTO;
+	/**
+	 * @type integer
+	 * @format int64
+	 */
+	start: number;
+}
+
 export interface InframonitoringtypesPostableDeploymentsDTO {
 	/**
 	 * @type integer
@@ -8430,6 +8534,14 @@ export type ListClusters200 = {
 	status: string;
 };
 
+export type ListDaemonSets200 = {
+	data: InframonitoringtypesDaemonSetsDTO;
+	/**
+	 * @type string
+	 */
+	status: string;
+};
+
 export type ListDeployments200 = {
 	data: InframonitoringtypesDeploymentsDTO;
 	/**

frontend/src/api/generated/services/spanmapper/index.ts

@@ -3,7 +3,6 @@
  * * The file has been auto-generated using Orval for SigNoz
  * * regenerate with 'pnpm generate:api'
  * SigNoz
- * OpenAPI spec version: 0.0.1
  */
 import { useMutation, useQuery } from 'react-query';
 import type {

frontend/src/api/generated/services/tracedetail/index.ts

@@ -3,7 +3,6 @@
  * * The file has been auto-generated using Orval for SigNoz
  * * regenerate with 'pnpm generate:api'
  * SigNoz
- * OpenAPI spec version: 0.0.1
  */
 import { useMutation } from 'react-query';
 import type {

frontend/src/api/generated/services/users/index.ts

@@ -3,7 +3,6 @@
  * * The file has been auto-generated using Orval for SigNoz
  * * regenerate with 'pnpm generate:api'
  * SigNoz
- * OpenAPI spec version: 0.0.1
  */
 import { useMutation, useQuery } from 'react-query';
 import type {

frontend/src/api/generated/services/zeus/index.ts

@@ -3,7 +3,6 @@
  * * The file has been auto-generated using Orval for SigNoz
  * * regenerate with 'pnpm generate:api'
  * SigNoz
- * OpenAPI spec version: 0.0.1
  */
 import { useMutation, useQuery } from 'react-query';
 import type {

frontend/src/api/v5/queryRange/convertV5Response.ts

@@ -264,6 +264,7 @@ function convertRawData(
 				date: row.timestamp,
 			} as any,
 		})),
+		nextCursor: rawData.nextCursor,
 	};
 }
 

frontend/src/api/v5/queryRange/prepareQueryRangePayloadV5.ts

@@ -181,7 +181,12 @@ function createBaseSpec(
 					)
 				: undefined,
 		legend: isEmpty(queryData.legend) ? undefined : queryData.legend,
-		having: isEmpty(queryData.having) ? undefined : (queryData?.having as Having),
+		// V4 uses having as array, V5 uses having as object with expression field
+		// If having is an array (V4 format), treat it as undefined for V5
+		having:
+			isEmpty(queryData.having) || Array.isArray(queryData.having)
+				? undefined
+				: (queryData?.having as Having),
 		functions: isEmpty(queryData.functions)
 			? undefined
 			: queryData.functions.map((func: QueryFunction): QueryFunction => {
@@ -409,7 +414,10 @@ function createTraceOperatorBaseSpec(
 					)
 				: undefined,
 		legend: isEmpty(legend) ? undefined : legend,
-		having: isEmpty(having) ? undefined : (having as Having),
+		// V4 uses having as array, V5 uses having as object with expression field
+		// If having is an array (V4 format), treat it as undefined for V5
+		having:
+			isEmpty(having) || Array.isArray(having) ? undefined : (having as Having),
 		selectFields: isEmpty(nonEmptySelectColumns)
 			? undefined
 			: nonEmptySelectColumns?.map(

frontend/src/components/AuthZTooltip/AuthZTooltip.module.scss

@@ -0,0 +1,14 @@
+.wrapper {
+	cursor: not-allowed;
+}
+
+.errorContent {
+	background: var(--callout-error-background) !important;
+	border-color: var(--callout-error-border) !important;
+	backdrop-filter: blur(15px);
+	border-radius: 4px !important;
+	color: var(--foreground) !important;
+	font-style: normal;
+	font-weight: 400;
+	white-space: nowrap;
+}

frontend/src/components/AuthZTooltip/AuthZTooltip.test.tsx

@@ -0,0 +1,145 @@
+import { ReactElement } from 'react';
+import { render, screen } from 'tests/test-utils';
+import { buildPermission } from 'hooks/useAuthZ/utils';
+import type { AuthZObject, BrandedPermission } from 'hooks/useAuthZ/types';
+import { useAuthZ } from 'hooks/useAuthZ/useAuthZ';
+import AuthZTooltip from './AuthZTooltip';
+
+jest.mock('hooks/useAuthZ/useAuthZ');
+const mockUseAuthZ = useAuthZ as jest.MockedFunction<typeof useAuthZ>;
+
+const noPermissions = {
+	isLoading: false,
+	isFetching: false,
+	error: null,
+	permissions: null,
+	refetchPermissions: jest.fn(),
+};
+
+const TestButton = (
+	props: React.ButtonHTMLAttributes<HTMLButtonElement>,
+): ReactElement => (
+	<button type="button" {...props}>
+		Action
+	</button>
+);
+
+const createPerm = buildPermission(
+	'create',
+	'serviceaccount:*' as AuthZObject<'create'>,
+);
+const attachSAPerm = (id: string): BrandedPermission =>
+	buildPermission('attach', `serviceaccount:${id}` as AuthZObject<'attach'>);
+const attachRolePerm = buildPermission(
+	'attach',
+	'role:*' as AuthZObject<'attach'>,
+);
+
+describe('AuthZTooltip — single check', () => {
+	it('renders child unchanged when permission is granted', () => {
+		mockUseAuthZ.mockReturnValue({
+			...noPermissions,
+			permissions: { [createPerm]: { isGranted: true } },
+		});
+
+		render(
+			<AuthZTooltip checks={[createPerm]}>
+				<TestButton />
+			</AuthZTooltip>,
+		);
+
+		expect(screen.getByRole('button', { name: 'Action' })).not.toBeDisabled();
+	});
+
+	it('disables child when permission is denied', () => {
+		mockUseAuthZ.mockReturnValue({
+			...noPermissions,
+			permissions: { [createPerm]: { isGranted: false } },
+		});
+
+		render(
+			<AuthZTooltip checks={[createPerm]}>
+				<TestButton />
+			</AuthZTooltip>,
+		);
+
+		expect(screen.getByRole('button', { name: 'Action' })).toBeDisabled();
+	});
+
+	it('disables child while loading', () => {
+		mockUseAuthZ.mockReturnValue({ ...noPermissions, isLoading: true });
+
+		render(
+			<AuthZTooltip checks={[createPerm]}>
+				<TestButton />
+			</AuthZTooltip>,
+		);
+
+		expect(screen.getByRole('button', { name: 'Action' })).toBeDisabled();
+	});
+});
+
+describe('AuthZTooltip — multi-check (checks array)', () => {
+	it('renders child enabled when all checks are granted', () => {
+		const sa = attachSAPerm('sa-1');
+		mockUseAuthZ.mockReturnValue({
+			...noPermissions,
+			permissions: {
+				[sa]: { isGranted: true },
+				[attachRolePerm]: { isGranted: true },
+			},
+		});
+
+		render(
+			<AuthZTooltip checks={[sa, attachRolePerm]}>
+				<TestButton />
+			</AuthZTooltip>,
+		);
+
+		expect(screen.getByRole('button', { name: 'Action' })).not.toBeDisabled();
+	});
+
+	it('disables child when first check is denied, second granted', () => {
+		const sa = attachSAPerm('sa-1');
+		mockUseAuthZ.mockReturnValue({
+			...noPermissions,
+			permissions: {
+				[sa]: { isGranted: false },
+				[attachRolePerm]: { isGranted: true },
+			},
+		});
+
+		render(
+			<AuthZTooltip checks={[sa, attachRolePerm]}>
+				<TestButton />
+			</AuthZTooltip>,
+		);
+
+		expect(screen.getByRole('button', { name: 'Action' })).toBeDisabled();
+	});
+
+	it('disables child when both checks are denied and lists denied permissions in data attr', () => {
+		const sa = attachSAPerm('sa-1');
+		mockUseAuthZ.mockReturnValue({
+			...noPermissions,
+			permissions: {
+				[sa]: { isGranted: false },
+				[attachRolePerm]: { isGranted: false },
+			},
+		});
+
+		render(
+			<AuthZTooltip checks={[sa, attachRolePerm]}>
+				<TestButton />
+			</AuthZTooltip>,
+		);
+
+		expect(screen.getByRole('button', { name: 'Action' })).toBeDisabled();
+
+		const wrapper = screen.getByRole('button', { name: 'Action' }).parentElement;
+		expect(wrapper?.getAttribute('data-denied-permissions')).toContain(sa);
+		expect(wrapper?.getAttribute('data-denied-permissions')).toContain(
+			attachRolePerm,
+		);
+	});
+});

frontend/src/components/AuthZTooltip/AuthZTooltip.tsx

@@ -0,0 +1,85 @@
+import { ReactElement, cloneElement, useMemo } from 'react';
+import {
+	TooltipRoot,
+	TooltipContent,
+	TooltipProvider,
+	TooltipTrigger,
+} from '@signozhq/ui/tooltip';
+import type { BrandedPermission } from 'hooks/useAuthZ/types';
+import { useAuthZ } from 'hooks/useAuthZ/useAuthZ';
+import { parsePermission } from 'hooks/useAuthZ/utils';
+import styles from './AuthZTooltip.module.scss';
+
+interface AuthZTooltipProps {
+	checks: BrandedPermission[];
+	children: ReactElement;
+	enabled?: boolean;
+	tooltipMessage?: string;
+}
+
+function formatDeniedMessage(
+	denied: BrandedPermission[],
+	override?: string,
+): string {
+	if (override) {
+		return override;
+	}
+	const labels = denied.map((p) => {
+		const { relation, object } = parsePermission(p);
+		const resource = object.split(':')[0];
+		return `${relation} ${resource}`;
+	});
+	return labels.length === 1
+		? `You don't have ${labels[0]} permission`
+		: `You don't have ${labels.join(', ')} permissions`;
+}
+
+function AuthZTooltip({
+	checks,
+	children,
+	enabled = true,
+	tooltipMessage,
+}: AuthZTooltipProps): JSX.Element {
+	const shouldCheck = enabled && checks.length > 0;
+
+	const { permissions, isLoading } = useAuthZ(checks, { enabled: shouldCheck });
+
+	const deniedPermissions = useMemo(() => {
+		if (!permissions) {
+			return [];
+		}
+		return checks.filter((p) => permissions[p]?.isGranted === false);
+	}, [checks, permissions]);
+
+	if (shouldCheck && isLoading) {
+		return (
+			<span className={styles.wrapper}>
+				{cloneElement(children, { disabled: true })}
+			</span>
+		);
+	}
+
+	if (!shouldCheck || deniedPermissions.length === 0) {
+		return children;
+	}
+
+	return (
+		<TooltipProvider>
+			<TooltipRoot>
+				<TooltipTrigger asChild>
+					<span
+						className={styles.wrapper}
+						data-denied-permissions={deniedPermissions.join(',')}
+					>
+						{cloneElement(children, { disabled: true })}
+					</span>
+				</TooltipTrigger>
+				<TooltipContent className={styles.errorContent}>
+					{formatDeniedMessage(deniedPermissions, tooltipMessage)}
+				</TooltipContent>
+			</TooltipRoot>
+		</TooltipProvider>
+	);
+}
+
+export default AuthZTooltip;

frontend/src/components/CreateServiceAccountModal/CreateServiceAccountModal.tsx

@@ -2,6 +2,8 @@ import { Controller, useForm } from 'react-hook-form';
 import { useQueryClient } from 'react-query';
 import { X } from '@signozhq/icons';
 import { Button } from '@signozhq/ui/button';
+import AuthZTooltip from 'components/AuthZTooltip/AuthZTooltip';
+import { SACreatePermission } from 'hooks/useAuthZ/permissions/service-account.permissions';
 import { DialogFooter, DialogWrapper } from '@signozhq/ui/dialog';
 import { Input } from '@signozhq/ui/input';
 import { toast } from '@signozhq/ui/sonner';
@@ -132,17 +134,19 @@ function CreateServiceAccountModal(): JSX.Element {
 					Cancel
 				</Button>
 
-				<Button
-					type="submit"
-					// @ts-expect-error -- form prop not in @signozhq/ui Button type - TODO: Fix this - @SagarRajput
-					form="create-sa-form"
-					variant="solid"
-					color="primary"
-					loading={isSubmitting}
-					disabled={!isValid}
-				>
-					Create Service Account
-				</Button>
+				<AuthZTooltip checks={[SACreatePermission]}>
+					<Button
+						type="submit"
+						// @ts-expect-error -- form prop not in @signozhq/ui Button type - TODO: Fix this - @SagarRajput
+						form="create-sa-form"
+						variant="solid"
+						color="primary"
+						loading={isSubmitting}
+						disabled={!isValid}
+					>
+						Create Service Account
+					</Button>
+				</AuthZTooltip>
 			</DialogFooter>
 		</DialogWrapper>
 	);

frontend/src/components/CreateServiceAccountModal/__tests__/CreateServiceAccountModal.test.tsx

@@ -11,6 +11,15 @@ import {
 
 import CreateServiceAccountModal from '../CreateServiceAccountModal';
 
+jest.mock('components/AuthZTooltip/AuthZTooltip', () => ({
+	__esModule: true,
+	default: ({
+		children,
+	}: {
+		children: React.ReactElement;
+	}): React.ReactElement => children,
+}));
+
 jest.mock('@signozhq/ui/sonner', () => ({
 	...jest.requireActual('@signozhq/ui/sonner'),
 	toast: { success: jest.fn(), error: jest.fn() },
@@ -113,7 +122,9 @@ describe('CreateServiceAccountModal', () => {
 					getErrorMessage: expect.any(Function),
 				}),
 			);
-			const passedError = showErrorModal.mock.calls[0][0] as any;
+			const passedError = showErrorModal.mock.calls[0][0] as {
+				getErrorMessage: () => string;
+			};
 			expect(passedError.getErrorMessage()).toBe('Internal Server Error');
 		});
 
@@ -132,6 +143,9 @@ describe('CreateServiceAccountModal', () => {
 		await user.click(screen.getByRole('button', { name: /Cancel/i }));
 
 		await waitForElementToBeRemoved(dialog);
+		expect(
+			screen.queryByRole('dialog', { name: /New Service Account/i }),
+		).not.toBeInTheDocument();
 	});
 
 	it('shows "Name is required" after clearing the name field', async () => {
@@ -142,6 +156,8 @@ describe('CreateServiceAccountModal', () => {
 		await user.type(nameInput, 'Bot');
 		await user.clear(nameInput);
 
-		await screen.findByText('Name is required');
+		await expect(
+			screen.findByText('Name is required'),
+		).resolves.toBeInTheDocument();
 	});
 });

frontend/src/components/GuardAuthZ/GuardAuthZ.test.tsx

@@ -1,34 +1,13 @@
 import { ReactElement } from 'react';
-import {
-	AuthtypesGettableTransactionDTO,
-	AuthtypesTransactionDTO,
-} from 'api/generated/services/sigNoz.schemas';
-import { ENVIRONMENT } from 'constants/env';
 import { BrandedPermission } from 'hooks/useAuthZ/types';
 import { buildPermission } from 'hooks/useAuthZ/utils';
 import { server } from 'mocks-server/server';
 import { rest } from 'msw';
 import { render, screen, waitFor } from 'tests/test-utils';
+import { AUTHZ_CHECK_URL, authzMockResponse } from 'tests/authz-test-utils';
 
 import { GuardAuthZ } from './GuardAuthZ';
 
-const BASE_URL = ENVIRONMENT.baseURL || '';
-const AUTHZ_CHECK_URL = `${BASE_URL}/api/v1/authz/check`;
-
-function authzMockResponse(
-	payload: AuthtypesTransactionDTO[],
-	authorizedByIndex: boolean[],
-): { data: AuthtypesGettableTransactionDTO[]; status: string } {
-	return {
-		data: payload.map((txn, i) => ({
-			relation: txn.relation,
-			object: txn.object,
-			authorized: authorizedByIndex[i] ?? false,
-		})),
-		status: 'success',
-	};
-}
-
 describe('GuardAuthZ', () => {
 	const TestChild = (): ReactElement => <div>Protected Content</div>;
 	const LoadingFallback = (): ReactElement => <div>Loading...</div>;

frontend/src/components/PermissionDeniedCallout/PermissionDeniedCallout.module.scss

@@ -0,0 +1,4 @@
+.callout {
+	box-sizing: border-box;
+	width: 100%;
+}

frontend/src/components/PermissionDeniedCallout/PermissionDeniedCallout.test.tsx

@@ -0,0 +1,22 @@
+import { render, screen } from 'tests/test-utils';
+import PermissionDeniedCallout from './PermissionDeniedCallout';
+
+describe('PermissionDeniedCallout', () => {
+	it('renders the permission name in the callout message', () => {
+		render(<PermissionDeniedCallout permissionName="serviceaccount:attach" />);
+
+		expect(screen.getByText(/You don't have/)).toBeInTheDocument();
+		expect(screen.getByText(/serviceaccount:attach/)).toBeInTheDocument();
+		expect(screen.getByText(/permission/)).toBeInTheDocument();
+	});
+
+	it('accepts an optional className', () => {
+		const { container } = render(
+			<PermissionDeniedCallout
+				permissionName="serviceaccount:read"
+				className="custom-class"
+			/>,
+		);
+		expect(container.firstChild).toHaveClass('custom-class');
+	});
+});

frontend/src/components/PermissionDeniedCallout/PermissionDeniedCallout.tsx

@@ -0,0 +1,26 @@
+import { Callout } from '@signozhq/ui/callout';
+import cx from 'classnames';
+import styles from './PermissionDeniedCallout.module.scss';
+
+interface PermissionDeniedCalloutProps {
+	permissionName: string;
+	className?: string;
+}
+
+function PermissionDeniedCallout({
+	permissionName,
+	className,
+}: PermissionDeniedCalloutProps): JSX.Element {
+	return (
+		<Callout
+			type="error"
+			showIcon
+			size="small"
+			className={cx(styles.callout, className)}
+		>
+			{`You don't have ${permissionName} permission`}
+		</Callout>
+	);
+}
+
+export default PermissionDeniedCallout;

frontend/src/components/PermissionDeniedFullPage/PermissionDeniedFullPage.module.scss

@@ -0,0 +1,44 @@
+.container {
+	display: flex;
+	align-items: center;
+	justify-content: center;
+	width: 100%;
+	height: 100%;
+	min-height: 50vh;
+	padding: var(--spacing-10);
+}
+
+.content {
+	display: flex;
+	flex-direction: column;
+	align-items: flex-start;
+	gap: var(--spacing-2);
+	max-width: 512px;
+}
+
+.icon {
+	margin-bottom: var(--spacing-1);
+}
+
+.title {
+	margin: 0;
+	font-size: var(--label-base-500-font-size);
+	font-weight: var(--label-base-500-font-weight);
+	line-height: var(--line-height-18);
+	letter-spacing: -0.07px;
+	color: var(--l1-foreground);
+}
+
+.subtitle {
+	margin: 0;
+	font-size: var(--label-base-400-font-size);
+	font-weight: var(--label-base-400-font-weight);
+	line-height: var(--line-height-18);
+	letter-spacing: -0.07px;
+	color: var(--l2-foreground);
+}
+
+.permission {
+	font-family: monospace;
+	color: var(--l2-foreground);
+}

frontend/src/components/PermissionDeniedFullPage/PermissionDeniedFullPage.test.tsx

@@ -0,0 +1,21 @@
+import { render, screen } from 'tests/test-utils';
+import PermissionDeniedFullPage from './PermissionDeniedFullPage';
+
+describe('PermissionDeniedFullPage', () => {
+	it('renders the title and subtitle with the permissionName interpolated', () => {
+		render(<PermissionDeniedFullPage permissionName="serviceaccount:list" />);
+
+		expect(
+			screen.getByText("Uh-oh! You don't have permission to view this page."),
+		).toBeInTheDocument();
+		expect(screen.getByText(/serviceaccount:list/)).toBeInTheDocument();
+		expect(
+			screen.getByText(/Please ask your SigNoz administrator to grant access/),
+		).toBeInTheDocument();
+	});
+
+	it('renders with a different permissionName', () => {
+		render(<PermissionDeniedFullPage permissionName="role:read" />);
+		expect(screen.getByText(/role:read/)).toBeInTheDocument();
+	});
+});

frontend/src/components/PermissionDeniedFullPage/PermissionDeniedFullPage.tsx

@@ -0,0 +1,31 @@
+import { CircleSlash2 } from '@signozhq/icons';
+
+import styles from './PermissionDeniedFullPage.module.scss';
+import { Style } from '@signozhq/design-tokens';
+
+interface PermissionDeniedFullPageProps {
+	permissionName: string;
+}
+
+function PermissionDeniedFullPage({
+	permissionName,
+}: PermissionDeniedFullPageProps): JSX.Element {
+	return (
+		<div className={styles.container}>
+			<div className={styles.content}>
+				<span className={styles.icon}>
+					<CircleSlash2 color={Style.CALLOUT_WARNING_TITLE} size={14} />
+				</span>
+				<p className={styles.title}>
+					Uh-oh! You don&apos;t have permission to view this page.
+				</p>
+				<p className={styles.subtitle}>
+					You need <code className={styles.permission}>{permissionName}</code> to
+					view this page. Please ask your SigNoz administrator to grant access.
+				</p>
+			</div>
+		</div>
+	);
+}
+
+export default PermissionDeniedFullPage;

frontend/src/components/QueryBuilderV2/QueryV2/QuerySearch/Provider/QuerySearchV2.provider.tsx

@@ -1,14 +1,14 @@
-import { ReactNode, useCallback, useEffect, useMemo, useRef } from 'react';
+import { ReactNode, useEffect, useRef } from 'react';
 import { parseAsString, useQueryState } from 'nuqs';
 import { useStore } from 'zustand';
 
-import {
-	combineInitialAndUserExpression,
-	getUserExpressionFromCombined,
-} from '../utils';
+import { getUserExpressionFromCombined } from '../utils';
 import { QuerySearchV2Context } from './context';
-import type { QuerySearchV2ContextValue } from './QuerySearchV2.store';
-import { createExpressionStore } from './QuerySearchV2.store';
+import {
+	createExpressionStore,
+	QuerySearchV2Store,
+} from './QuerySearchV2.store';
+import type { StoreApi } from 'zustand';
 
 export interface QuerySearchV2ProviderProps {
 	queryParamKey: string;
@@ -22,7 +22,7 @@ export interface QuerySearchV2ProviderProps {
 
 /**
  * Provider component that creates a scoped zustand store and exposes
- * expression state to children via context.
+ * the store via context. Handles URL synchronization.
  */
 export function QuerySearchV2Provider({
 	initialExpression = '',
@@ -30,7 +30,10 @@ export function QuerySearchV2Provider({
 	queryParamKey,
 	children,
 }: QuerySearchV2ProviderProps): JSX.Element {
-	const storeRef = useRef(createExpressionStore());
+	const storeRef = useRef<StoreApi<QuerySearchV2Store> | null>(null);
+	if (!storeRef.current) {
+		storeRef.current = createExpressionStore();
+	}
 	const store = storeRef.current;
 
 	const [urlExpression, setUrlExpression] = useQueryState(
@@ -39,10 +42,10 @@ export function QuerySearchV2Provider({
 	);
 
 	const committedExpression = useStore(store, (s) => s.committedExpression);
-	const setInputExpression = useStore(store, (s) => s.setInputExpression);
-	const commitExpression = useStore(store, (s) => s.commitExpression);
-	const initializeFromUrl = useStore(store, (s) => s.initializeFromUrl);
-	const resetExpression = useStore(store, (s) => s.resetExpression);
+
+	useEffect(() => {
+		store.getState().setInitialExpression(initialExpression);
+	}, [initialExpression, store]);
 
 	const isInitialized = useRef(false);
 	useEffect(() => {
@@ -51,10 +54,10 @@ export function QuerySearchV2Provider({
 				initialExpression,
 				urlExpression,
 			);
-			initializeFromUrl(cleanedExpression);
+			store.getState().initializeFromUrl(cleanedExpression);
 			isInitialized.current = true;
 		}
-	}, [urlExpression, initialExpression, initializeFromUrl]);
+	}, [urlExpression, initialExpression, store]);
 
 	useEffect(() => {
 		if (isInitialized.current || !urlExpression) {
@@ -66,60 +69,13 @@ export function QuerySearchV2Provider({
 		return (): void => {
 			if (!persistOnUnmount) {
 				setUrlExpression(null);
-				resetExpression();
+				store.getState().resetExpression();
 			}
 		};
-	}, [persistOnUnmount, setUrlExpression, resetExpression]);
-
-	const handleChange = useCallback(
-		(expression: string): void => {
-			const userOnly = getUserExpressionFromCombined(
-				initialExpression,
-				expression,
-			);
-			setInputExpression(userOnly);
-		},
-		[initialExpression, setInputExpression],
-	);
-
-	const handleRun = useCallback(
-		(expression: string): void => {
-			const userOnly = getUserExpressionFromCombined(
-				initialExpression,
-				expression,
-			);
-			commitExpression(userOnly);
-		},
-		[initialExpression, commitExpression],
-	);
-
-	const combinedExpression = useMemo(
-		() => combineInitialAndUserExpression(initialExpression, committedExpression),
-		[initialExpression, committedExpression],
-	);
-
-	const contextValue = useMemo<QuerySearchV2ContextValue>(
-		() => ({
-			expression: combinedExpression,
-			userExpression: committedExpression,
-			initialExpression,
-			querySearchProps: {
-				initialExpression: initialExpression.trim() ? initialExpression : undefined,
-				onChange: handleChange,
-				onRun: handleRun,
-			},
-		}),
-		[
-			combinedExpression,
-			committedExpression,
-			initialExpression,
-			handleChange,
-			handleRun,
-		],
-	);
+	}, [persistOnUnmount, setUrlExpression, store]);
 
 	return (
-		<QuerySearchV2Context.Provider value={contextValue}>
+		<QuerySearchV2Context.Provider value={store}>
 			{children}
 		</QuerySearchV2Context.Provider>
 	);

frontend/src/components/QueryBuilderV2/QueryV2/QuerySearch/Provider/QuerySearchV2.store.ts

@@ -1,6 +1,10 @@
 import { createStore, StoreApi } from 'zustand';
 
 export type QuerySearchV2Store = {
+	/**
+	 * Initial expression (set by provider, used to combine with user expression)
+	 */
+	initialExpression: string;
 	/**
 	 * User-typed expression (local state, updates on typing)
 	 */
@@ -9,32 +13,21 @@ export type QuerySearchV2Store = {
 	 * Committed expression (synced to URL, updates on submit)
 	 */
 	committedExpression: string;
+	setInitialExpression: (expression: string) => void;
 	setInputExpression: (expression: string) => void;
 	commitExpression: (expression: string) => void;
 	resetExpression: () => void;
 	initializeFromUrl: (urlExpression: string) => void;
 };
 
-export interface QuerySearchProps {
-	initialExpression: string | undefined;
-	onChange: (expression: string) => void;
-	onRun: (expression: string) => void;
-}
-
-export interface QuerySearchV2ContextValue {
-	/**
-	 * Combined expression: "initialExpression AND (userExpression)"
-	 */
-	expression: string;
-	userExpression: string;
-	initialExpression: string;
-	querySearchProps: QuerySearchProps;
-}
-
 export function createExpressionStore(): StoreApi<QuerySearchV2Store> {
 	return createStore<QuerySearchV2Store>((set) => ({
+		initialExpression: '',
 		inputExpression: '',
 		committedExpression: '',
+		setInitialExpression: (expression: string): void => {
+			set({ initialExpression: expression });
+		},
 		setInputExpression: (expression: string): void => {
 			set({ inputExpression: expression });
 		},

frontend/src/components/QueryBuilderV2/QueryV2/QuerySearch/Provider/__tests__/QuerySearchExpressionProvider.test.tsx

@@ -1,7 +1,14 @@
 import { ReactNode } from 'react';
 import { act, renderHook } from '@testing-library/react';
 
-import { useQuerySearchV2Context } from '../context';
+import {
+	useExpression,
+	useInitialExpression,
+	useQuerySearchInitialExpressionProp,
+	useQuerySearchOnChange,
+	useQuerySearchOnRun,
+	useUserExpression,
+} from '../context';
 import {
 	QuerySearchV2Provider,
 	QuerySearchV2ProviderProps,
@@ -27,6 +34,24 @@ function createWrapper(
 	};
 }
 
+function useTestHooks(): {
+	expression: string;
+	userExpression: string;
+	initialExpression: string;
+	querySearchInitialExpressionProp: string | undefined;
+	onChange: (expr: string) => void;
+	onRun: (expr: string) => void;
+} {
+	return {
+		expression: useExpression(),
+		userExpression: useUserExpression(),
+		initialExpression: useInitialExpression(),
+		querySearchInitialExpressionProp: useQuerySearchInitialExpressionProp(),
+		onChange: useQuerySearchOnChange(),
+		onRun: useQuerySearchOnRun(),
+	};
+}
+
 describe('QuerySearchExpressionProvider', () => {
 	beforeEach(() => {
 		jest.clearAllMocks();
@@ -34,7 +59,7 @@ describe('QuerySearchExpressionProvider', () => {
 	});
 
 	it('should provide initial context values', () => {
-		const { result } = renderHook(() => useQuerySearchV2Context(), {
+		const { result } = renderHook(() => useTestHooks(), {
 			wrapper: createWrapper(),
 		});
 
@@ -44,7 +69,7 @@ describe('QuerySearchExpressionProvider', () => {
 	});
 
 	it('should combine initialExpression with userExpression', () => {
-		const { result } = renderHook(() => useQuerySearchV2Context(), {
+		const { result } = renderHook(() => useTestHooks(), {
 			wrapper: createWrapper({ initialExpression: 'k8s.pod.name = "my-pod"' }),
 		});
 
@@ -52,10 +77,10 @@ describe('QuerySearchExpressionProvider', () => {
 		expect(result.current.initialExpression).toBe('k8s.pod.name = "my-pod"');
 
 		act(() => {
-			result.current.querySearchProps.onChange('service = "api"');
+			result.current.onChange('service = "api"');
 		});
 		act(() => {
-			result.current.querySearchProps.onRun('service = "api"');
+			result.current.onRun('service = "api"');
 		});
 
 		expect(result.current.expression).toBe(
@@ -65,19 +90,19 @@ describe('QuerySearchExpressionProvider', () => {
 	});
 
 	it('should provide querySearchProps with correct callbacks', () => {
-		const { result } = renderHook(() => useQuerySearchV2Context(), {
+		const { result } = renderHook(() => useTestHooks(), {
 			wrapper: createWrapper({ initialExpression: 'initial' }),
 		});
 
-		expect(result.current.querySearchProps.initialExpression).toBe('initial');
-		expect(typeof result.current.querySearchProps.onChange).toBe('function');
-		expect(typeof result.current.querySearchProps.onRun).toBe('function');
+		expect(result.current.querySearchInitialExpressionProp).toBe('initial');
+		expect(typeof result.current.onChange).toBe('function');
+		expect(typeof result.current.onRun).toBe('function');
 	});
 
 	it('should initialize from URL value on mount', () => {
 		mockUrlValue = 'status = 500';
 
-		const { result } = renderHook(() => useQuerySearchV2Context(), {
+		const { result } = renderHook(() => useTestHooks(), {
 			wrapper: createWrapper(),
 		});
 
@@ -87,9 +112,9 @@ describe('QuerySearchExpressionProvider', () => {
 
 	it('should throw error when used outside provider', () => {
 		expect(() => {
-			renderHook(() => useQuerySearchV2Context());
+			renderHook(() => useExpression());
 		}).toThrow(
-			'useQuerySearchV2Context must be used within a QuerySearchV2Provider',
+			'useQuerySearchV2Store must be used within a QuerySearchV2Provider',
 		);
 	});
 });

frontend/src/components/QueryBuilderV2/QueryV2/QuerySearch/Provider/context.ts

@@ -1,17 +1,80 @@
 // eslint-disable-next-line no-restricted-imports -- React Context required for scoped store pattern
-import { createContext, useContext } from 'react';
+import { createContext, useCallback, useContext } from 'react';
+import { StoreApi, useStore } from 'zustand';
 
-import type { QuerySearchV2ContextValue } from './QuerySearchV2.store';
+import {
+	combineInitialAndUserExpression,
+	getUserExpressionFromCombined,
+} from '../utils';
+import type { QuerySearchV2Store } from './QuerySearchV2.store';
 
 export const QuerySearchV2Context =
-	createContext<QuerySearchV2ContextValue | null>(null);
+	createContext<StoreApi<QuerySearchV2Store> | null>(null);
 
-export function useQuerySearchV2Context(): QuerySearchV2ContextValue {
-	const context = useContext(QuerySearchV2Context);
-	if (!context) {
+function useQuerySearchV2Store(): StoreApi<QuerySearchV2Store> {
+	const store = useContext(QuerySearchV2Context);
+	if (!store) {
 		throw new Error(
-			'useQuerySearchV2Context must be used within a QuerySearchV2Provider',
+			'useQuerySearchV2Store must be used within a QuerySearchV2Provider',
 		);
 	}
-	return context;
+	return store;
+}
+
+export function useInitialExpression(): string {
+	const store = useQuerySearchV2Store();
+	return useStore(store, (s) => s.initialExpression);
+}
+
+export function useInputExpression(): string {
+	const store = useQuerySearchV2Store();
+	return useStore(store, (s) => s.inputExpression);
+}
+
+export function useUserExpression(): string {
+	const store = useQuerySearchV2Store();
+	return useStore(store, (s) => s.committedExpression);
+}
+
+export function useExpression(): string {
+	const store = useQuerySearchV2Store();
+	return useStore(store, (s) =>
+		combineInitialAndUserExpression(s.initialExpression, s.committedExpression),
+	);
+}
+
+export function useQuerySearchOnChange(): (expression: string) => void {
+	const store = useQuerySearchV2Store();
+
+	return useCallback(
+		(expression: string): void => {
+			const userOnly = getUserExpressionFromCombined(
+				store.getState().initialExpression,
+				expression,
+			);
+			store.getState().setInputExpression(userOnly);
+		},
+		[store],
+	);
+}
+
+export function useQuerySearchOnRun(): (expression: string) => void {
+	const store = useQuerySearchV2Store();
+	const initialExpression = useStore(store, (s) => s.initialExpression);
+
+	return useCallback(
+		(expression: string): void => {
+			const userOnly = getUserExpressionFromCombined(
+				initialExpression,
+				expression,
+			);
+			store.getState().commitExpression(userOnly);
+		},
+		[store, initialExpression],
+	);
+}
+
+export function useQuerySearchInitialExpressionProp(): string | undefined {
+	const initialExpression = useInitialExpression();
+	return initialExpression.trim() ? initialExpression : undefined;
 }

frontend/src/components/QueryBuilderV2/QueryV2/QuerySearch/Provider/index.ts

@@ -1,8 +1,12 @@
-export { useQuerySearchV2Context } from './context';
+export {
+	useExpression,
+	useInitialExpression,
+	useInputExpression,
+	useQuerySearchInitialExpressionProp,
+	useQuerySearchOnChange,
+	useQuerySearchOnRun,
+	useUserExpression,
+} from './context';
 export type { QuerySearchV2ProviderProps } from './QuerySearchV2.provider';
 export { QuerySearchV2Provider } from './QuerySearchV2.provider';
-export type {
-	QuerySearchProps,
-	QuerySearchV2ContextValue,
-	QuerySearchV2Store,
-} from './QuerySearchV2.store';
+export type { QuerySearchV2Store } from './QuerySearchV2.store';

frontend/src/components/QueryBuilderV2/index.ts

@@ -1,11 +1,16 @@
 export type {
-	QuerySearchProps,
-	QuerySearchV2ContextValue,
 	QuerySearchV2ProviderProps,
+	QuerySearchV2Store,
 } from './QueryV2/QuerySearch/Provider';
 export {
 	QuerySearchV2Provider,
-	useQuerySearchV2Context,
+	useExpression,
+	useInitialExpression,
+	useInputExpression,
+	useQuerySearchInitialExpressionProp,
+	useQuerySearchOnChange,
+	useQuerySearchOnRun,
+	useUserExpression,
 } from './QueryV2/QuerySearch/Provider';
 export { QueryBuilderV2 } from './QueryBuilderV2';
 export {

frontend/src/components/QuickFilters/FilterRenderers/Checkbox/Checkbox.tsx

@@ -32,10 +32,24 @@ import { isKeyMatch } from './utils';
 import './Checkbox.styles.scss';
 
 const SELECTED_OPERATORS = [OPERATORS['='], 'in'];
-const NON_SELECTED_OPERATORS = [OPERATORS['!='], 'not in'];
+const NON_SELECTED_OPERATORS = [OPERATORS['!='], 'not in', 'nin'];
 
 const SOURCES_WITH_EMPTY_STATE_ENABLED = [QuickFiltersSource.LOGS_EXPLORER];
 
+// Sources that use backend APIs expecting short operator format (e.g., 'nin' instead of 'not in')
+const SOURCES_WITH_SHORT_OPERATORS = [QuickFiltersSource.INFRA_MONITORING];
+
+/**
+ * Returns the correct NOT_IN operator value based on source.
+ * InfraMonitoring backend expects 'nin', others expect 'not in'.
+ */
+function getNotInOperator(source: QuickFiltersSource): string {
+	if (SOURCES_WITH_SHORT_OPERATORS.includes(source)) {
+		return 'nin';
+	}
+	return getOperatorValue('NOT_IN');
+}
+
 function setDefaultValues(
 	values: string[],
 	trueOrFalse: boolean,
@@ -401,6 +415,7 @@ export default function CheckboxFilter(props: ICheckboxProps): JSX.Element {
 								}
 							}
 							break;
+						case 'nin':
 						case 'not in':
 							// if the current running operator is NIN then when unchecking the value it gets
 							// added to the clause like key NIN [value1 , currentUnselectedValue]
@@ -495,7 +510,7 @@ export default function CheckboxFilter(props: ICheckboxProps): JSX.Element {
 							if (!checked) {
 								const newFilter = {
 									...currentFilter,
-									op: getOperatorValue('NOT_IN'),
+									op: getNotInOperator(source),
 									value: [currentFilter.value as string, value],
 								};
 								query.filters.items = query.filters.items.map((item) => {
@@ -518,7 +533,7 @@ export default function CheckboxFilter(props: ICheckboxProps): JSX.Element {
 				// case  - when there is no filter for the current key that means all are selected right now.
 				const newFilterItem: TagFilterItem = {
 					id: uuid(),
-					op: getOperatorValue('NOT_IN'),
+					op: getNotInOperator(source),
 					key: filter.attributeKey,
 					value,
 				};

frontend/src/components/RolesSelect/RolesSelect.tsx

@@ -80,6 +80,7 @@ interface BaseProps {
 	isError?: boolean;
 	error?: APIError;
 	onRefetch?: () => void;
+	disabled?: boolean;
 }
 
 interface SingleProps extends BaseProps {
@@ -123,6 +124,7 @@ function RolesSelect(props: RolesSelectProps): JSX.Element {
 		isError = internalError,
 		error = convertToApiError(internalErrorObj),
 		onRefetch = externalRoles === undefined ? internalRefetch : undefined,
+		disabled,
 	} = props;
 
 	const notFoundContent = isError ? (
@@ -142,6 +144,7 @@ function RolesSelect(props: RolesSelectProps): JSX.Element {
 				loading={loading}
 				notFoundContent={notFoundContent}
 				options={options}
+				optionFilterProp="label"
 				optionRender={(option): JSX.Element => (
 					<Checkbox
 						checked={value.includes(option.value as string)}
@@ -151,6 +154,7 @@ function RolesSelect(props: RolesSelectProps): JSX.Element {
 					</Checkbox>
 				)}
 				getPopupContainer={getPopupContainer}
+				disabled={disabled}
 			/>
 		);
 	}
@@ -159,6 +163,7 @@ function RolesSelect(props: RolesSelectProps): JSX.Element {
 	return (
 		<Select
 			id={id}
+			showSearch
 			value={value || undefined}
 			onChange={onChange}
 			placeholder={placeholder}
@@ -167,7 +172,9 @@ function RolesSelect(props: RolesSelectProps): JSX.Element {
 			loading={loading}
 			notFoundContent={notFoundContent}
 			options={options}
+			optionFilterProp="label"
 			getPopupContainer={getPopupContainer}
+			disabled={disabled}
 		/>
 	);
 }

frontend/src/components/ServiceAccountDrawer/AddKeyModal/KeyFormPhase.tsx

@@ -4,6 +4,11 @@ import { Button } from '@signozhq/ui/button';
 import { Input } from '@signozhq/ui/input';
 import { ToggleGroup, ToggleGroupItem } from '@signozhq/ui/toggle-group';
 import { DatePicker } from 'antd';
+import AuthZTooltip from 'components/AuthZTooltip/AuthZTooltip';
+import {
+	APIKeyCreatePermission,
+	buildSAAttachPermission,
+} from 'hooks/useAuthZ/permissions/service-account.permissions';
 import { popupContainer } from 'utils/selectPopupContainer';
 
 import { disabledDate } from '../utils';
@@ -18,6 +23,7 @@ export interface KeyFormPhaseProps {
 	isValid: boolean;
 	onSubmit: () => void;
 	onClose: () => void;
+	accountId?: string;
 }
 
 function KeyFormPhase({
@@ -28,6 +34,7 @@ function KeyFormPhase({
 	isValid,
 	onSubmit,
 	onClose,
+	accountId,
 }: KeyFormPhaseProps): JSX.Element {
 	return (
 		<>
@@ -111,17 +118,25 @@ function KeyFormPhase({
 					<Button variant="solid" color="secondary" onClick={onClose}>
 						Cancel
 					</Button>
-					<Button
-						type="submit"
-						// @ts-expect-error -- form prop not in @signozhq/ui Button type - TODO: Fix this - @SagarRajput
-						form={FORM_ID}
-						variant="solid"
-						color="primary"
-						loading={isSubmitting}
-						disabled={!isValid}
+					<AuthZTooltip
+						checks={[
+							APIKeyCreatePermission,
+							buildSAAttachPermission(accountId ?? ''),
+						]}
+						enabled={!!accountId}
 					>
-						Create Key
-					</Button>
+						<Button
+							type="submit"
+							// @ts-expect-error -- form prop not in @signozhq/ui Button type - TODO: Fix this - @SagarRajput
+							form={FORM_ID}
+							variant="solid"
+							color="primary"
+							loading={isSubmitting}
+							disabled={!isValid}
+						>
+							Create Key
+						</Button>
+					</AuthZTooltip>
 				</div>
 			</div>
 		</>

frontend/src/components/ServiceAccountDrawer/AddKeyModal/index.tsx

@@ -161,6 +161,7 @@ function AddKeyModal(): JSX.Element {
 					isValid={isValid}
 					onSubmit={handleSubmit(handleCreate)}
 					onClose={handleClose}
+					accountId={accountId ?? undefined}
 				/>
 			)}
 

frontend/src/components/ServiceAccountDrawer/DeleteAccountModal.tsx

@@ -1,6 +1,8 @@
 import { useQueryClient } from 'react-query';
 import { Trash2, X } from '@signozhq/icons';
 import { Button } from '@signozhq/ui/button';
+import AuthZTooltip from 'components/AuthZTooltip/AuthZTooltip';
+import { buildSADeletePermission } from 'hooks/useAuthZ/permissions/service-account.permissions';
 import { DialogWrapper } from '@signozhq/ui/dialog';
 import { toast } from '@signozhq/ui/sonner';
 import { convertToApiError } from 'api/ErrorResponseHandlerForGeneratedAPIs';
@@ -65,7 +67,7 @@ function DeleteAccountModal(): JSX.Element {
 	}
 
 	function handleCancel(): void {
-		setIsDeleteOpen(null);
+		void setIsDeleteOpen(null);
 	}
 
 	const content = (
@@ -82,15 +84,20 @@ function DeleteAccountModal(): JSX.Element {
 				<X size={12} />
 				Cancel
 			</Button>
-			<Button
-				variant="solid"
-				color="destructive"
-				loading={isDeleting}
-				onClick={handleConfirm}
+			<AuthZTooltip
+				checks={[buildSADeletePermission(accountId ?? '')]}
+				enabled={!!accountId}
 			>
-				<Trash2 size={12} />
-				Delete
-			</Button>
+				<Button
+					variant="solid"
+					color="destructive"
+					loading={isDeleting}
+					onClick={handleConfirm}
+				>
+					<Trash2 size={12} />
+					Delete
+				</Button>
+			</AuthZTooltip>
 		</div>
 	);
 

frontend/src/components/ServiceAccountDrawer/EditKeyModal/EditKeyForm.tsx

@@ -7,6 +7,12 @@ import { Input } from '@signozhq/ui/input';
 import { ToggleGroup, ToggleGroupItem } from '@signozhq/ui/toggle-group';
 import { DatePicker } from 'antd';
 import type { ServiceaccounttypesGettableFactorAPIKeyDTO } from 'api/generated/services/sigNoz.schemas';
+import AuthZTooltip from 'components/AuthZTooltip/AuthZTooltip';
+import {
+	buildAPIKeyDeletePermission,
+	buildAPIKeyUpdatePermission,
+	buildSADetachPermission,
+} from 'hooks/useAuthZ/permissions/service-account.permissions';
 import { popupContainer } from 'utils/selectPopupContainer';
 
 import { disabledDate, formatLastObservedAt } from '../utils';
@@ -24,6 +30,8 @@ export interface EditKeyFormProps {
 	onClose: () => void;
 	onRevokeClick: () => void;
 	formatTimezoneAdjustedTimestamp: (ts: string, format: string) => string;
+	canUpdate?: boolean;
+	accountId?: string;
 }
 
 function EditKeyForm({
@@ -37,6 +45,8 @@ function EditKeyForm({
 	onClose,
 	onRevokeClick,
 	formatTimezoneAdjustedTimestamp,
+	canUpdate = true,
+	accountId = '',
 }: EditKeyFormProps): JSX.Element {
 	return (
 		<>
@@ -45,12 +55,34 @@ function EditKeyForm({
 					<label className="edit-key-modal__label" htmlFor="edit-key-name">
 						Name
 					</label>
-					<Input
-						id="edit-key-name"
-						className="edit-key-modal__input"
-						placeholder="Enter key name"
-						{...register('name')}
-					/>
+					{!canUpdate ? (
+						<AuthZTooltip
+							checks={[buildAPIKeyUpdatePermission(keyItem?.id ?? '')]}
+							enabled={!!keyItem?.id}
+						>
+							<div className="edit-key-modal__key-display">
+								<span className="edit-key-modal__id-text">{keyItem?.name || '—'}</span>
+								<LockKeyhole size={12} className="edit-key-modal__lock-icon" />
+							</div>
+						</AuthZTooltip>
+					) : (
+						<Input
+							id="edit-key-name"
+							className="edit-key-modal__input"
+							placeholder="Enter key name"
+							{...register('name')}
+						/>
+					)}
+				</div>
+
+				<div className="edit-key-modal__field">
+					<label className="edit-key-modal__label" htmlFor="edit-key-id">
+						ID
+					</label>
+					<div id="edit-key-id" className="edit-key-modal__key-display">
+						<span className="edit-key-modal__id-text">{keyItem?.id || '—'}</span>
+						<LockKeyhole size={12} className="edit-key-modal__lock-icon" />
+					</div>
 				</div>
 
 				<div className="edit-key-modal__field">
@@ -73,21 +105,22 @@ function EditKeyForm({
 								type="single"
 								value={field.value}
 								onChange={(val): void => {
-									if (val) {
+									if (val && canUpdate) {
 										field.onChange(val);
 									}
 								}}
-								size="sm"
 								className="edit-key-modal__expiry-toggle"
 							>
 								<ToggleGroupItem
 									value={ExpiryMode.NONE}
+									disabled={!canUpdate}
 									className="edit-key-modal__expiry-toggle-btn"
 								>
 									No Expiration
 								</ToggleGroupItem>
 								<ToggleGroupItem
 									value={ExpiryMode.DATE}
+									disabled={!canUpdate}
 									className="edit-key-modal__expiry-toggle-btn"
 								>
 									Set Expiration Date
@@ -114,6 +147,7 @@ function EditKeyForm({
 										popupClassName="edit-key-modal-datepicker-popup"
 										getPopupContainer={popupContainer}
 										disabledDate={disabledDate}
+										disabled={!canUpdate}
 									/>
 								)}
 							/>
@@ -133,26 +167,39 @@ function EditKeyForm({
 			</form>
 
 			<div className="edit-key-modal__footer">
-				<Button variant="link" color="destructive" onClick={onRevokeClick}>
-					<Trash2 size={12} />
-					Revoke Key
-				</Button>
+				<AuthZTooltip
+					checks={[
+						buildAPIKeyDeletePermission(keyItem?.id ?? ''),
+						buildSADetachPermission(accountId ?? ''),
+					]}
+					enabled={!!accountId && !!keyItem?.id}
+				>
+					<Button variant="link" color="destructive" onClick={onRevokeClick}>
+						<Trash2 size={12} />
+						Revoke Key
+					</Button>
+				</AuthZTooltip>
 				<div className="edit-key-modal__footer-right">
 					<Button variant="solid" color="secondary" onClick={onClose}>
 						<X size={12} />
 						Cancel
 					</Button>
-					<Button
-						type="submit"
-						// @ts-expect-error -- form prop not in @signozhq/ui Button type - TODO: Fix this - @SagarRajput
-						form={FORM_ID}
-						variant="solid"
-						color="primary"
-						loading={isSaving}
-						disabled={!isDirty}
+					<AuthZTooltip
+						checks={[buildAPIKeyUpdatePermission(keyItem?.id ?? '')]}
+						enabled={!!accountId && !!keyItem?.id}
 					>
-						Save Changes
-					</Button>
+						<Button
+							type="submit"
+							// @ts-expect-error -- form prop not in @signozhq/ui Button type - TODO: Fix this - @SagarRajput
+							form={FORM_ID}
+							variant="solid"
+							color="primary"
+							loading={isSaving}
+							disabled={!isDirty}
+						>
+							Save Changes
+						</Button>
+					</AuthZTooltip>
 				</div>
 			</div>
 		</>

frontend/src/components/ServiceAccountDrawer/EditKeyModal/EditKeyModal.styles.scss

@@ -60,6 +60,16 @@
 		letter-spacing: 2px;
 	}
 
+	&__id-text {
+		font-size: 13px;
+		font-family: monospace;
+		color: var(--foreground);
+		white-space: nowrap;
+		overflow: hidden;
+		text-overflow: ellipsis;
+		flex: 1;
+	}
+
 	&__lock-icon {
 		color: var(--foreground);
 		flex-shrink: 0;

frontend/src/components/ServiceAccountDrawer/EditKeyModal/index.tsx

@@ -16,6 +16,8 @@ import type {
 import { AxiosError } from 'axios';
 import { SA_QUERY_PARAMS } from 'container/ServiceAccountsSettings/constants';
 import dayjs from 'dayjs';
+import { buildAPIKeyUpdatePermission } from 'hooks/useAuthZ/permissions/service-account.permissions';
+import { useAuthZ } from 'hooks/useAuthZ/useAuthZ';
 import { parseAsString, useQueryState } from 'nuqs';
 import { useErrorModal } from 'providers/ErrorModalProvider';
 import { useTimezone } from 'providers/Timezone';
@@ -69,6 +71,16 @@ function EditKeyModal({ keyItem }: EditKeyModalProps): JSX.Element {
 
 	const expiryMode = watch('expiryMode');
 
+	const { permissions: editPermissions, isLoading: isAuthZLoading } = useAuthZ(
+		editKeyId ? [buildAPIKeyUpdatePermission(editKeyId)] : [],
+		{ enabled: !!editKeyId },
+	);
+
+	const canUpdate = isAuthZLoading
+		? false
+		: (editPermissions?.[buildAPIKeyUpdatePermission(editKeyId ?? '')]
+				?.isGranted ?? true);
+
 	const { mutate: updateKey, isLoading: isSaving } = useUpdateServiceAccountKey({
 		mutation: {
 			onSuccess: async () => {
@@ -115,7 +127,7 @@ function EditKeyModal({ keyItem }: EditKeyModalProps): JSX.Element {
 		});
 
 	function handleClose(): void {
-		setEditKeyId(null);
+		void setEditKeyId(null);
 		setIsRevokeConfirmOpen(false);
 	}
 
@@ -169,6 +181,8 @@ function EditKeyModal({ keyItem }: EditKeyModalProps): JSX.Element {
 						isRevoking={isRevoking}
 						onCancel={(): void => setIsRevokeConfirmOpen(false)}
 						onConfirm={handleRevoke}
+						accountId={selectedAccountId ?? undefined}
+						keyId={keyItem?.id ?? undefined}
 					/>
 				) : undefined
 			}
@@ -190,6 +204,8 @@ function EditKeyModal({ keyItem }: EditKeyModalProps): JSX.Element {
 					onClose={handleClose}
 					onRevokeClick={(): void => setIsRevokeConfirmOpen(true)}
 					formatTimezoneAdjustedTimestamp={formatTimezoneAdjustedTimestamp}
+					canUpdate={canUpdate}
+					accountId={selectedAccountId ?? ''}
 				/>
 			)}
 		</DialogWrapper>

frontend/src/components/ServiceAccountDrawer/KeysTab.tsx

@@ -1,9 +1,16 @@
-import { useCallback, useMemo } from 'react';
+import React, { useCallback, useMemo } from 'react';
 import { KeyRound, X } from '@signozhq/icons';
 import { Button } from '@signozhq/ui/button';
-import { Skeleton, Table, Tooltip } from 'antd';
+import { Skeleton, Table } from 'antd';
 import type { ColumnsType } from 'antd/es/table/interface';
 import type { ServiceaccounttypesGettableFactorAPIKeyDTO } from 'api/generated/services/sigNoz.schemas';
+import AuthZTooltip from 'components/AuthZTooltip/AuthZTooltip';
+import {
+	APIKeyCreatePermission,
+	buildAPIKeyDeletePermission,
+	buildSAAttachPermission,
+	buildSADetachPermission,
+} from 'hooks/useAuthZ/permissions/service-account.permissions';
 import { DATE_TIME_FORMATS } from 'constants/dateTimeFormats';
 import dayjs from 'dayjs';
 import { parseAsBoolean, parseAsString, useQueryState } from 'nuqs';
@@ -17,12 +24,15 @@ interface KeysTabProps {
 	keys: ServiceaccounttypesGettableFactorAPIKeyDTO[];
 	isLoading: boolean;
 	isDisabled?: boolean;
+	canUpdate?: boolean;
+	accountId?: string;
 	currentPage: number;
 	pageSize: number;
 }
 
 interface BuildColumnsParams {
 	isDisabled: boolean;
+	accountId: string;
 	onRevokeClick: (keyId: string) => void;
 	handleformatLastObservedAt: (
 		lastObservedAt: Date | null | undefined,
@@ -42,6 +52,7 @@ function formatExpiry(expiresAt: number): JSX.Element {
 
 function buildColumns({
 	isDisabled,
+	accountId,
 	onRevokeClick,
 	handleformatLastObservedAt,
 }: BuildColumnsParams): ColumnsType<ServiceaccounttypesGettableFactorAPIKeyDTO> {
@@ -92,22 +103,34 @@ function buildColumns({
 			key: 'action',
 			width: 48,
 			align: 'right' as const,
+			onCell: (): {
+				onClick: (e: React.MouseEvent) => void;
+				style: React.CSSProperties;
+			} => ({
+				onClick: (e): void => e.stopPropagation(),
+				style: { cursor: 'default' },
+			}),
 			render: (_, record): JSX.Element => (
-				<Tooltip title={isDisabled ? 'Service account disabled' : 'Revoke Key'}>
+				<AuthZTooltip
+					checks={[
+						buildAPIKeyDeletePermission(record.id),
+						buildSADetachPermission(accountId),
+					]}
+					enabled={!isDisabled && !!accountId}
+				>
 					<Button
 						variant="ghost"
 						size="sm"
 						color="destructive"
 						disabled={isDisabled}
-						onClick={(e): void => {
-							e.stopPropagation();
+						onClick={(): void => {
 							onRevokeClick(record.id);
 						}}
 						className="keys-tab__revoke-btn"
 					>
 						<X size={12} />
 					</Button>
-				</Tooltip>
+				</AuthZTooltip>
 			),
 		},
 	];
@@ -117,6 +140,7 @@ function KeysTab({
 	keys,
 	isLoading,
 	isDisabled = false,
+	accountId = '',
 	currentPage,
 	pageSize,
 }: KeysTabProps): JSX.Element {
@@ -143,14 +167,20 @@ function KeysTab({
 
 	const onRevokeClick = useCallback(
 		(keyId: string): void => {
-			setRevokeKeyId(keyId);
+			void setRevokeKeyId(keyId);
 		},
 		[setRevokeKeyId],
 	);
 
 	const columns = useMemo(
-		() => buildColumns({ isDisabled, onRevokeClick, handleformatLastObservedAt }),
-		[isDisabled, onRevokeClick, handleformatLastObservedAt],
+		() =>
+			buildColumns({
+				isDisabled,
+				accountId,
+				onRevokeClick,
+				handleformatLastObservedAt,
+			}),
+		[isDisabled, accountId, onRevokeClick, handleformatLastObservedAt],
 	);
 
 	if (isLoading) {
@@ -176,16 +206,21 @@ function KeysTab({
 						Learn more
 					</a>
 				</p>
-				<Button
-					variant="link"
-					color="primary"
-					onClick={async (): Promise<void> => {
-						await setIsAddKeyOpen(true);
-					}}
-					disabled={isDisabled}
+				<AuthZTooltip
+					checks={[APIKeyCreatePermission, buildSAAttachPermission(accountId)]}
+					enabled={!isDisabled && !!accountId}
 				>
-					+ Add your first key
-				</Button>
+					<Button
+						variant="link"
+						color="primary"
+						onClick={async (): Promise<void> => {
+							await setIsAddKeyOpen(true);
+						}}
+						disabled={isDisabled}
+					>
+						+ Add your first key
+					</Button>
+				</AuthZTooltip>
 			</div>
 		);
 	}

frontend/src/components/ServiceAccountDrawer/OverviewTab.tsx

@@ -3,9 +3,11 @@ import { LockKeyhole } from '@signozhq/icons';
 import { Badge } from '@signozhq/ui/badge';
 import { Input } from '@signozhq/ui/input';
 import type { AuthtypesRoleDTO } from 'api/generated/services/sigNoz.schemas';
+import AuthZTooltip from 'components/AuthZTooltip/AuthZTooltip';
 import RolesSelect from 'components/RolesSelect';
 import { DATE_TIME_FORMATS } from 'constants/dateTimeFormats';
 import { ServiceAccountRow } from 'container/ServiceAccountsSettings/utils';
+import { buildSAUpdatePermission } from 'hooks/useAuthZ/permissions/service-account.permissions';
 import { useTimezone } from 'providers/Timezone';
 import APIError from 'types/api/error';
 
@@ -19,6 +21,7 @@ interface OverviewTabProps {
 	localRoles: string[];
 	onRolesChange: (v: string[]) => void;
 	isDisabled: boolean;
+	canUpdate?: boolean;
 	availableRoles: AuthtypesRoleDTO[];
 	rolesLoading?: boolean;
 	rolesError?: boolean;
@@ -34,6 +37,7 @@ function OverviewTab({
 	localRoles,
 	onRolesChange,
 	isDisabled,
+	canUpdate = true,
 	availableRoles,
 	rolesLoading,
 	rolesError,
@@ -63,11 +67,16 @@ function OverviewTab({
 				<label className="sa-drawer__label" htmlFor="sa-name">
 					Name
 				</label>
-				{isDisabled ? (
-					<div className="sa-drawer__input-wrapper sa-drawer__input-wrapper--disabled">
-						<span className="sa-drawer__input-text">{localName || '—'}</span>
-						<LockKeyhole size={14} className="sa-drawer__lock-icon" />
-					</div>
+				{isDisabled || !canUpdate ? (
+					<AuthZTooltip
+						checks={[buildSAUpdatePermission(account.id)]}
+						enabled={!isDisabled && !canUpdate}
+					>
+						<div className="sa-drawer__input-wrapper sa-drawer__input-wrapper--disabled">
+							<span className="sa-drawer__input-text">{localName || '—'}</span>
+							<LockKeyhole size={14} className="sa-drawer__lock-icon" />
+						</div>
+					</AuthZTooltip>
 				) : (
 					<Input
 						id="sa-name"
@@ -78,6 +87,16 @@ function OverviewTab({
 				)}
 			</div>
 
+			<div className="sa-drawer__field">
+				<label className="sa-drawer__label" htmlFor="sa-id">
+					ID
+				</label>
+				<div className="sa-drawer__input-wrapper sa-drawer__input-wrapper--disabled">
+					<span className="sa-drawer__input-text">{account.id || '—'}</span>
+					<LockKeyhole size={14} className="sa-drawer__lock-icon" />
+				</div>
+			</div>
+
 			<div className="sa-drawer__field">
 				<label className="sa-drawer__label" htmlFor="sa-email">
 					Email Address

frontend/src/components/ServiceAccountDrawer/RevokeKeyModal.tsx

@@ -1,6 +1,11 @@
 import { useQueryClient } from 'react-query';
 import { Trash2, X } from '@signozhq/icons';
 import { Button } from '@signozhq/ui/button';
+import AuthZTooltip from 'components/AuthZTooltip/AuthZTooltip';
+import {
+	buildAPIKeyDeletePermission,
+	buildSADetachPermission,
+} from 'hooks/useAuthZ/permissions/service-account.permissions';
 import { DialogWrapper } from '@signozhq/ui/dialog';
 import { toast } from '@signozhq/ui/sonner';
 import { convertToApiError } from 'api/ErrorResponseHandlerForGeneratedAPIs';
@@ -23,12 +28,16 @@ export interface RevokeKeyFooterProps {
 	isRevoking: boolean;
 	onCancel: () => void;
 	onConfirm: () => void;
+	accountId?: string;
+	keyId?: string;
 }
 
 export function RevokeKeyFooter({
 	isRevoking,
 	onCancel,
 	onConfirm,
+	accountId,
+	keyId,
 }: RevokeKeyFooterProps): JSX.Element {
 	return (
 		<>
@@ -36,15 +45,23 @@ export function RevokeKeyFooter({
 				<X size={12} />
 				Cancel
 			</Button>
-			<Button
-				variant="solid"
-				color="destructive"
-				loading={isRevoking}
-				onClick={onConfirm}
+			<AuthZTooltip
+				checks={[
+					buildAPIKeyDeletePermission(keyId ?? ''),
+					buildSADetachPermission(accountId ?? ''),
+				]}
+				enabled={!!accountId && !!keyId}
 			>
-				<Trash2 size={12} />
-				Revoke Key
-			</Button>
+				<Button
+					variant="solid"
+					color="destructive"
+					loading={isRevoking}
+					onClick={onConfirm}
+				>
+					<Trash2 size={12} />
+					Revoke Key
+				</Button>
+			</AuthZTooltip>
 		</>
 	);
 }
@@ -115,6 +132,8 @@ function RevokeKeyModal(): JSX.Element {
 					isRevoking={isRevoking}
 					onCancel={handleCancel}
 					onConfirm={handleConfirm}
+					accountId={accountId ?? undefined}
+					keyId={revokeKeyId || undefined}
 				/>
 			}
 		>

frontend/src/components/ServiceAccountDrawer/ServiceAccountDrawer.tsx

@@ -16,6 +16,8 @@ import {
 import type { RenderErrorResponseDTO } from 'api/generated/services/sigNoz.schemas';
 import { AxiosError } from 'axios';
 import ErrorInPlace from 'components/ErrorInPlace/ErrorInPlace';
+import { GuardAuthZ } from 'components/GuardAuthZ/GuardAuthZ';
+import PermissionDeniedCallout from 'components/PermissionDeniedCallout/PermissionDeniedCallout';
 import { useRoles } from 'components/RolesSelect';
 import { SA_QUERY_PARAMS } from 'container/ServiceAccountsSettings/constants';
 import {
@@ -27,6 +29,15 @@ import {
 	RoleUpdateFailure,
 	useServiceAccountRoleManager,
 } from 'hooks/serviceAccount/useServiceAccountRoleManager';
+import {
+	APIKeyCreatePermission,
+	APIKeyListPermission,
+	buildSAAttachPermission,
+	buildSADeletePermission,
+	buildSAReadPermission,
+	buildSAUpdatePermission,
+} from 'hooks/useAuthZ/permissions/service-account.permissions';
+import { useAuthZ } from 'hooks/useAuthZ/useAuthZ';
 import {
 	parseAsBoolean,
 	parseAsInteger,
@@ -37,6 +48,7 @@ import {
 import APIError from 'types/api/error';
 import { toAPIError } from 'utils/errorUtils';
 
+import AuthZTooltip from 'components/AuthZTooltip/AuthZTooltip';
 import AddKeyModal from './AddKeyModal';
 import DeleteAccountModal from './DeleteAccountModal';
 import KeysTab from './KeysTab';
@@ -96,6 +108,22 @@ function ServiceAccountDrawer({
 
 	const queryClient = useQueryClient();
 
+	const { permissions: drawerPermissions, isLoading: isAuthZLoading } = useAuthZ(
+		selectedAccountId
+			? [
+					buildSAReadPermission(selectedAccountId),
+					buildSAUpdatePermission(selectedAccountId),
+					buildSADeletePermission(selectedAccountId),
+					APIKeyListPermission,
+				]
+			: [],
+		{ enabled: !!selectedAccountId },
+	);
+
+	const canRead =
+		drawerPermissions?.[buildSAReadPermission(selectedAccountId ?? '')]
+			?.isGranted ?? false;
+
 	const {
 		data: accountData,
 		isLoading: isAccountLoading,
@@ -104,7 +132,7 @@ function ServiceAccountDrawer({
 		refetch: refetchAccount,
 	} = useGetServiceAccount(
 		{ id: selectedAccountId ?? '' },
-		{ query: { enabled: !!selectedAccountId } },
+		{ query: { enabled: canRead && !!selectedAccountId } },
 	);
 
 	const account = useMemo(
@@ -117,7 +145,9 @@ function ServiceAccountDrawer({
 		currentRoles,
 		isLoading: isRolesLoading,
 		applyDiff,
-	} = useServiceAccountRoleManager(selectedAccountId ?? '');
+	} = useServiceAccountRoleManager(selectedAccountId ?? '', {
+		enabled: canRead && !!selectedAccountId,
+	});
 
 	const roleSessionRef = useRef<string | null>(null);
 
@@ -165,9 +195,16 @@ function ServiceAccountDrawer({
 		refetch: refetchRoles,
 	} = useRoles();
 
+	const canListKeys =
+		drawerPermissions?.[APIKeyListPermission]?.isGranted ?? false;
+
+	const canUpdate =
+		drawerPermissions?.[buildSAUpdatePermission(selectedAccountId ?? '')]
+			?.isGranted ?? true;
+
 	const { data: keysData, isLoading: keysLoading } = useListServiceAccountKeys(
 		{ id: selectedAccountId ?? '' },
-		{ query: { enabled: !!selectedAccountId } },
+		{ query: { enabled: !!selectedAccountId && canListKeys } },
 	);
 	const keys = keysData?.data ?? [];
 
@@ -392,18 +429,26 @@ function ServiceAccountDrawer({
 					</ToggleGroupItem>
 				</ToggleGroup>
 				{activeTab === ServiceAccountDrawerTab.Keys && (
-					<Button
-						variant="outlined"
-						size="sm"
-						color="secondary"
-						disabled={isDeleted}
-						onClick={(): void => {
-							void setIsAddKeyOpen(true);
-						}}
+					<AuthZTooltip
+						checks={[
+							APIKeyCreatePermission,
+							buildSAAttachPermission(selectedAccountId ?? ''),
+						]}
+						enabled={!isDeleted && !!selectedAccountId}
 					>
-						<Plus size={12} />
-						Add Key
-					</Button>
+						<Button
+							variant="outlined"
+							size="sm"
+							color="secondary"
+							disabled={isDeleted}
+							onClick={(): void => {
+								void setIsAddKeyOpen(true);
+							}}
+						>
+							<Plus size={12} />
+							Add Key
+						</Button>
+					</AuthZTooltip>
 				)}
 			</div>
 
@@ -412,7 +457,9 @@ function ServiceAccountDrawer({
 					activeTab === ServiceAccountDrawerTab.Keys ? ' sa-drawer__body--keys' : ''
 				}`}
 			>
-				{isAccountLoading && <Skeleton active paragraph={{ rows: 6 }} />}
+				{(isAuthZLoading || isAccountLoading) && (
+					<Skeleton active paragraph={{ rows: 6 }} />
+				)}
 				{isAccountError && (
 					<ErrorInPlace
 						error={toAPIError(
@@ -421,38 +468,55 @@ function ServiceAccountDrawer({
 						)}
 					/>
 				)}
-				{!isAccountLoading && !isAccountError && (
-					<>
-						{activeTab === ServiceAccountDrawerTab.Overview && account && (
-							<OverviewTab
-								account={account}
-								localName={localName}
-								onNameChange={handleNameChange}
-								localRoles={localRoles}
-								onRolesChange={(roles): void => {
-									setLocalRoles(roles);
-									clearRoleErrors();
-								}}
-								isDisabled={isDeleted}
-								availableRoles={availableRoles}
-								rolesLoading={rolesLoading}
-								rolesError={rolesError}
-								rolesErrorObj={rolesErrorObj}
-								onRefetchRoles={refetchRoles}
-								saveErrors={saveErrors}
-							/>
-						)}
-						{activeTab === ServiceAccountDrawerTab.Keys && (
-							<KeysTab
-								keys={keys}
-								isLoading={keysLoading}
-								isDisabled={isDeleted}
-								currentPage={keysPage}
-								pageSize={PAGE_SIZE}
-							/>
-						)}
-					</>
-				)}
+				{!isAuthZLoading &&
+					!isAccountLoading &&
+					!isAccountError &&
+					selectedAccountId && (
+						<GuardAuthZ
+							relation="read"
+							object={`serviceaccount:${selectedAccountId}`}
+							fallbackOnNoPermissions={(): JSX.Element => (
+								<PermissionDeniedCallout permissionName="serviceaccount:read" />
+							)}
+						>
+							<>
+								{activeTab === ServiceAccountDrawerTab.Overview && account && (
+									<OverviewTab
+										account={account}
+										localName={localName}
+										onNameChange={handleNameChange}
+										localRoles={localRoles}
+										onRolesChange={(roles): void => {
+											setLocalRoles(roles);
+											clearRoleErrors();
+										}}
+										isDisabled={isDeleted}
+										canUpdate={canUpdate}
+										availableRoles={availableRoles}
+										rolesLoading={rolesLoading}
+										rolesError={rolesError}
+										rolesErrorObj={rolesErrorObj}
+										onRefetchRoles={refetchRoles}
+										saveErrors={saveErrors}
+									/>
+								)}
+								{activeTab === ServiceAccountDrawerTab.Keys &&
+									(canListKeys ? (
+										<KeysTab
+											keys={keys}
+											isLoading={keysLoading}
+											isDisabled={isDeleted}
+											canUpdate={canUpdate}
+											accountId={selectedAccountId}
+											currentPage={keysPage}
+											pageSize={PAGE_SIZE}
+										/>
+									) : (
+										<PermissionDeniedCallout permissionName="factor-api-key:list" />
+									))}
+							</>
+						</GuardAuthZ>
+					)}
 			</div>
 		</div>
 	);
@@ -482,16 +546,21 @@ function ServiceAccountDrawer({
 			) : (
 				<>
 					{!isDeleted && (
-						<Button
-							variant="link"
-							color="destructive"
-							onClick={(): void => {
-								void setIsDeleteOpen(true);
-							}}
+						<AuthZTooltip
+							checks={[buildSADeletePermission(selectedAccountId ?? '')]}
+							enabled={!!selectedAccountId}
 						>
-							<Trash2 size={12} />
-							Delete Service Account
-						</Button>
+							<Button
+								variant="link"
+								color="destructive"
+								onClick={(): void => {
+									void setIsDeleteOpen(true);
+								}}
+							>
+								<Trash2 size={12} />
+								Delete Service Account
+							</Button>
+						</AuthZTooltip>
 					)}
 					{!isDeleted && (
 						<div className="sa-drawer__footer-right">

frontend/src/components/ServiceAccountDrawer/__tests__/EditKeyModal.test.tsx

@@ -6,6 +6,15 @@ import { render, screen, userEvent, waitFor } from 'tests/test-utils';
 
 import EditKeyModal from '../EditKeyModal';
 
+jest.mock('components/AuthZTooltip/AuthZTooltip', () => ({
+	__esModule: true,
+	default: ({
+		children,
+	}: {
+		children: React.ReactElement;
+	}): React.ReactElement => children,
+}));
+
 jest.mock('@signozhq/ui/sonner', () => ({
 	...jest.requireActual('@signozhq/ui/sonner'),
 	toast: { success: jest.fn(), error: jest.fn() },
@@ -19,7 +28,7 @@ const mockKey: ServiceaccounttypesGettableFactorAPIKeyDTO = {
 	id: 'key-1',
 	name: 'Original Key Name',
 	expiresAt: 0,
-	lastObservedAt: null as any,
+	lastObservedAt: null as unknown as Date,
 	serviceAccountId: 'sa-1',
 };
 

frontend/src/components/ServiceAccountDrawer/__tests__/KeysTab.test.tsx

@@ -6,6 +6,15 @@ import { render, screen, userEvent, waitFor } from 'tests/test-utils';
 
 import KeysTab from '../KeysTab';
 
+jest.mock('components/AuthZTooltip/AuthZTooltip', () => ({
+	__esModule: true,
+	default: ({
+		children,
+	}: {
+		children: React.ReactElement;
+	}): React.ReactElement => children,
+}));
+
 jest.mock('@signozhq/ui/sonner', () => ({
 	...jest.requireActual('@signozhq/ui/sonner'),
 	toast: { success: jest.fn(), error: jest.fn() },
@@ -20,7 +29,7 @@ const keys: ServiceaccounttypesGettableFactorAPIKeyDTO[] = [
 		id: 'key-1',
 		name: 'Production Key',
 		expiresAt: 0,
-		lastObservedAt: null as any,
+		lastObservedAt: null as unknown as Date,
 		serviceAccountId: 'sa-1',
 	},
 	{

frontend/src/components/ServiceAccountDrawer/__tests__/ServiceAccountDrawer.authz.test.tsx

@@ -0,0 +1,158 @@
+import type { ReactNode } from 'react';
+import { listRolesSuccessResponse } from 'mocks-server/__mockdata__/roles';
+import { rest, server } from 'mocks-server/server';
+import { NuqsTestingAdapter } from 'nuqs/adapters/testing';
+import { fireEvent, render, screen, waitFor } from 'tests/test-utils';
+import {
+	setupAuthzAdmin,
+	setupAuthzDeny,
+	setupAuthzDenyAll,
+} from 'tests/authz-test-utils';
+import {
+	APIKeyListPermission,
+	buildSADeletePermission,
+} from 'hooks/useAuthZ/permissions/service-account.permissions';
+
+import ServiceAccountDrawer from '../ServiceAccountDrawer';
+
+const ROLES_ENDPOINT = '*/api/v1/roles';
+const SA_KEYS_ENDPOINT = '*/api/v1/service_accounts/:id/keys';
+const SA_ENDPOINT = '*/api/v1/service_accounts/sa-1';
+const SA_DELETE_ENDPOINT = '*/api/v1/service_accounts/sa-1';
+const SA_ROLES_ENDPOINT = '*/api/v1/service_accounts/:id/roles';
+const SA_ROLE_DELETE_ENDPOINT = '*/api/v1/service_accounts/:id/roles/:rid';
+
+const activeAccountResponse = {
+	id: 'sa-1',
+	name: 'CI Bot',
+	email: 'ci-bot@signoz.io',
+	roles: ['signoz-admin'],
+	status: 'ACTIVE',
+	createdAt: '2026-01-01T00:00:00Z',
+	updatedAt: '2026-01-02T00:00:00Z',
+};
+
+jest.mock('@signozhq/ui/drawer', () => ({
+	...jest.requireActual('@signozhq/ui/drawer'),
+	DrawerWrapper: ({
+		children,
+		footer,
+		open,
+	}: {
+		children?: ReactNode;
+		footer?: ReactNode;
+		open: boolean;
+	}): JSX.Element | null =>
+		open ? (
+			<div>
+				{children}
+				{footer}
+			</div>
+		) : null,
+}));
+
+jest.mock('@signozhq/ui/sonner', () => ({
+	...jest.requireActual('@signozhq/ui/sonner'),
+	toast: { success: jest.fn(), error: jest.fn() },
+}));
+
+function renderDrawer(
+	searchParams: Record<string, string> = { account: 'sa-1' },
+): ReturnType<typeof render> {
+	return render(
+		<NuqsTestingAdapter searchParams={searchParams} hasMemory>
+			<ServiceAccountDrawer onSuccess={jest.fn()} />
+		</NuqsTestingAdapter>,
+	);
+}
+
+function setupBaseHandlers(): void {
+	server.use(
+		rest.get(ROLES_ENDPOINT, (_, res, ctx) =>
+			res(ctx.status(200), ctx.json(listRolesSuccessResponse)),
+		),
+		rest.get(SA_KEYS_ENDPOINT, (_, res, ctx) =>
+			res(ctx.status(200), ctx.json({ data: [] })),
+		),
+		rest.get(SA_ENDPOINT, (_, res, ctx) =>
+			res(ctx.status(200), ctx.json({ data: activeAccountResponse })),
+		),
+		rest.put(SA_ENDPOINT, (_, res, ctx) =>
+			res(ctx.status(200), ctx.json({ status: 'success', data: {} })),
+		),
+		rest.delete(SA_DELETE_ENDPOINT, (_, res, ctx) =>
+			res(ctx.status(200), ctx.json({ status: 'success', data: {} })),
+		),
+		rest.get(SA_ROLES_ENDPOINT, (_, res, ctx) =>
+			res(
+				ctx.status(200),
+				ctx.json({
+					data: listRolesSuccessResponse.data.filter(
+						(r) => r.name === 'signoz-admin',
+					),
+				}),
+			),
+		),
+		rest.post(SA_ROLES_ENDPOINT, (_, res, ctx) =>
+			res(ctx.status(200), ctx.json({ status: 'success', data: {} })),
+		),
+		rest.delete(SA_ROLE_DELETE_ENDPOINT, (_, res, ctx) =>
+			res(ctx.status(200), ctx.json({ status: 'success', data: {} })),
+		),
+	);
+}
+
+describe('ServiceAccountDrawer — permissions', () => {
+	beforeEach(() => {
+		jest.clearAllMocks();
+		setupBaseHandlers();
+	});
+
+	afterEach(() => {
+		server.resetHandlers();
+	});
+
+	it('shows PermissionDeniedCallout inside drawer when read permission is denied', async () => {
+		server.use(setupAuthzDenyAll());
+
+		renderDrawer();
+
+		await waitFor(() => {
+			expect(screen.getByText(/serviceaccount:read/)).toBeInTheDocument();
+		});
+	});
+
+	it('shows drawer content when read permission is granted', async () => {
+		server.use(setupAuthzAdmin());
+
+		renderDrawer();
+
+		await screen.findByDisplayValue('CI Bot');
+		expect(screen.queryByText(/serviceaccount:read/)).not.toBeInTheDocument();
+	});
+
+	it('shows PermissionDeniedCallout in Keys tab when list-keys permission is denied', async () => {
+		server.use(setupAuthzDeny(APIKeyListPermission));
+
+		renderDrawer();
+		await screen.findByDisplayValue('CI Bot');
+
+		fireEvent.click(screen.getByRole('radio', { name: /keys/i }));
+
+		await waitFor(() => {
+			expect(screen.getByText(/factor-api-key:list/)).toBeInTheDocument();
+		});
+	});
+
+	it('disables Delete button when delete permission is denied', async () => {
+		server.use(setupAuthzDeny(buildSADeletePermission('sa-1')));
+
+		renderDrawer();
+		await screen.findByDisplayValue('CI Bot');
+
+		const deleteBtn = screen.getByRole('button', {
+			name: /Delete Service Account/i,
+		});
+		await waitFor(() => expect(deleteBtn).toBeDisabled());
+	});
+});

frontend/src/components/ServiceAccountDrawer/__tests__/ServiceAccountDrawer.test.tsx

@@ -3,6 +3,7 @@ import { listRolesSuccessResponse } from 'mocks-server/__mockdata__/roles';
 import { rest, server } from 'mocks-server/server';
 import { NuqsTestingAdapter } from 'nuqs/adapters/testing';
 import { render, screen, userEvent, waitFor } from 'tests/test-utils';
+import { setupAuthzAdmin } from 'tests/authz-test-utils';
 
 import ServiceAccountDrawer from '../ServiceAccountDrawer';
 
@@ -98,6 +99,7 @@ describe('ServiceAccountDrawer', () => {
 			rest.delete(SA_ROLE_DELETE_ENDPOINT, (_, res, ctx) =>
 				res(ctx.status(200), ctx.json({ status: 'success', data: {} })),
 			),
+			setupAuthzAdmin(),
 		);
 	});
 
@@ -300,13 +302,6 @@ describe('ServiceAccountDrawer', () => {
 		await screen.findByText(/No keys/i);
 	});
 
-	it('shows skeleton while loading account data', () => {
-		renderDrawer();
-
-		// Skeleton renders while the fetch is in-flight
-		expect(document.querySelector('.ant-skeleton')).toBeInTheDocument();
-	});
-
 	it('shows error state when account fetch fails', async () => {
 		server.use(
 			rest.get(SA_ENDPOINT, (_, res, ctx) =>
@@ -359,6 +354,7 @@ describe('ServiceAccountDrawer – save-error UX', () => {
 			rest.delete(SA_ROLE_DELETE_ENDPOINT, (_, res, ctx) =>
 				res(ctx.status(200), ctx.json({ status: 'success', data: {} })),
 			),
+			setupAuthzAdmin(),
 		);
 	});
 

frontend/src/components/TanStackTableView/TanStackTable.tsx

@@ -39,6 +39,7 @@ import {
 } from './TanStackTableStateContext';
 import {
 	FlatItem,
+	SortState,
 	TableRowContext,
 	TanStackTableHandle,
 	TanStackTableProps,
@@ -88,6 +89,7 @@ function TanStackTableInner<TData>(
 		enableQueryParams,
 		pagination,
 		paginationClassname,
+		onSort,
 		onEndReached,
 		getRowKey,
 		getItemKey,
@@ -130,7 +132,7 @@ function TanStackTableInner<TData>(
 		setPage,
 		setLimit,
 		orderBy,
-		setOrderBy,
+		setOrderBy: internalSetOrderBy,
 		expanded,
 		setExpanded,
 	} = useTableParams(enableQueryParams, {
@@ -138,6 +140,14 @@ function TanStackTableInner<TData>(
 		limit: pagination?.defaultLimit,
 	});
 
+	const setOrderBy = useCallback(
+		(sort: SortState | null) => {
+			internalSetOrderBy(sort);
+			onSort?.(sort);
+		},
+		[internalSetOrderBy, onSort],
+	);
+
 	const isGrouped = (groupBy?.length ?? 0) > 0;
 
 	const {
@@ -605,16 +615,22 @@ function TanStackTableInner<TData>(
 								total={effectiveTotalCount}
 								onPageChange={(p): void => {
 									setPage(p);
+									pagination.onPageChange?.(p);
 								}}
 							/>
-							<div className={viewStyles.paginationPageSize}>
-								<ComboboxSimple
-									value={limit?.toString()}
-									defaultValue="10"
-									onChange={(value): void => setLimit(+value)}
-									items={paginationPageSizeItems}
-								/>
-							</div>
+							{pagination.showPageSize !== false && (
+								<div className={viewStyles.paginationPageSize}>
+									<ComboboxSimple
+										value={limit?.toString()}
+										defaultValue="10"
+										onChange={(value): void => {
+											setLimit(+value);
+											pagination.onLimitChange?.(+value);
+										}}
+										items={paginationPageSizeItems}
+									/>
+								</div>
+							)}
 							{suffixPaginationContent}
 						</div>
 					)}

frontend/src/components/TanStackTableView/__tests__/TanStackTableView.test.tsx

@@ -23,6 +23,13 @@ jest.mock('../TanStackTable.module.scss', () => ({
 	},
 }));
 
+// Mock ResizeObserver for combobox tests
+global.ResizeObserver = class ResizeObserver {
+	observe(): void {}
+	unobserve(): void {}
+	disconnect(): void {}
+};
+
 describe('TanStackTableView Integration', () => {
 	describe('rendering', () => {
 		it('renders all data rows', async () => {
@@ -269,6 +276,131 @@ describe('TanStackTableView Integration', () => {
 				screen.queryByTestId('pagination-total-count'),
 			).not.toBeInTheDocument();
 		});
+
+		it('shows page size selector by default (showPageSize undefined)', async () => {
+			renderTanStackTable({
+				props: {
+					pagination: { total: 100, defaultPage: 1, defaultLimit: 10 },
+				},
+			});
+
+			await waitFor(() => {
+				expect(screen.getByRole('navigation')).toBeInTheDocument();
+			});
+
+			// Page size combobox trigger should be visible by default (button with aria-haspopup)
+			const comboboxTrigger = document.querySelector(
+				'button[aria-haspopup="dialog"]',
+			);
+			expect(comboboxTrigger).toBeInTheDocument();
+		});
+
+		it('shows page size selector when showPageSize is true', async () => {
+			renderTanStackTable({
+				props: {
+					pagination: {
+						total: 100,
+						defaultPage: 1,
+						defaultLimit: 10,
+						showPageSize: true,
+					},
+				},
+			});
+
+			await waitFor(() => {
+				expect(screen.getByRole('navigation')).toBeInTheDocument();
+			});
+
+			const comboboxTrigger = document.querySelector(
+				'button[aria-haspopup="dialog"]',
+			);
+			expect(comboboxTrigger).toBeInTheDocument();
+		});
+
+		it('hides page size selector when showPageSize is false', async () => {
+			renderTanStackTable({
+				props: {
+					pagination: {
+						total: 100,
+						defaultPage: 1,
+						defaultLimit: 10,
+						showPageSize: false,
+					},
+				},
+			});
+
+			await waitFor(() => {
+				expect(screen.getByRole('navigation')).toBeInTheDocument();
+			});
+
+			const comboboxTrigger = document.querySelector(
+				'button[aria-haspopup="dialog"]',
+			);
+			expect(comboboxTrigger).not.toBeInTheDocument();
+		});
+
+		it('calls onPageChange callback when page changes', async () => {
+			const user = userEvent.setup();
+			const onPageChange = jest.fn();
+
+			renderTanStackTable({
+				props: {
+					pagination: { total: 100, defaultPage: 1, defaultLimit: 10, onPageChange },
+				},
+			});
+
+			await waitFor(() => {
+				expect(screen.getByRole('navigation')).toBeInTheDocument();
+			});
+
+			const nav = screen.getByRole('navigation');
+			const page2 = Array.from(nav.querySelectorAll('button')).find(
+				(btn) => btn.textContent?.trim() === '2',
+			);
+			if (!page2) {
+				throw new Error('Page 2 button not found in pagination');
+			}
+			await user.click(page2);
+
+			await waitFor(() => {
+				expect(onPageChange).toHaveBeenCalledWith(2);
+			});
+		});
+
+		it('calls onLimitChange callback when limit changes', async () => {
+			const user = userEvent.setup();
+			const onLimitChange = jest.fn();
+
+			renderTanStackTable({
+				props: {
+					pagination: {
+						total: 100,
+						defaultPage: 1,
+						defaultLimit: 10,
+						onLimitChange,
+					},
+				},
+			});
+
+			await waitFor(() => {
+				expect(
+					document.querySelector('button[aria-haspopup="dialog"]'),
+				).toBeInTheDocument();
+			});
+
+			const comboboxTrigger = document.querySelector(
+				'button[aria-haspopup="dialog"]',
+			) as HTMLElement;
+			await user.click(comboboxTrigger);
+
+			// Select a different page size option
+			const option20 = await screen.findByRole('option', { name: '20' });
+			await user.click(option20);
+
+			await waitFor(() => {
+				expect(onLimitChange).toHaveBeenCalledWith(20);
+			});
+		});
 	});
 
 	describe('sorting', () => {
@@ -332,6 +464,55 @@ describe('TanStackTableView Integration', () => {
 				}
 			});
 		});
+
+		it('calls onSort callback when sorting', async () => {
+			const user = userEvent.setup();
+			const onSort = jest.fn();
+
+			renderTanStackTable({
+				props: { onSort },
+			});
+
+			await waitFor(() => {
+				expect(screen.getByText('Item 1')).toBeInTheDocument();
+			});
+
+			const sortButton = screen.getByTitle('ID');
+			await user.click(sortButton);
+
+			await waitFor(() => {
+				expect(onSort).toHaveBeenCalledWith(
+					expect.objectContaining({ columnName: 'id', order: 'asc' }),
+				);
+			});
+		});
+
+		it('calls onSort with null when sort is cleared', async () => {
+			const user = userEvent.setup();
+			const onSort = jest.fn();
+
+			renderTanStackTable({
+				props: { onSort },
+			});
+
+			await waitFor(() => {
+				expect(screen.getByText('Item 1')).toBeInTheDocument();
+			});
+
+			const sortButton = screen.getByTitle('ID');
+
+			// First click - asc
+			await user.click(sortButton);
+			// Second click - desc
+			await user.click(sortButton);
+			// Third click - clear
+			await user.click(sortButton);
+
+			await waitFor(() => {
+				const lastCall = onSort.mock.calls[onSort.mock.calls.length - 1];
+				expect(lastCall[0]).toBeNull();
+			});
+		});
 	});
 
 	describe('row selection', () => {

frontend/src/components/TanStackTableView/types.ts

@@ -115,6 +115,12 @@ export type PaginationProps = {
 	total: number;
 	defaultPage?: number;
 	defaultLimit?: number;
+	/**
+	 * @default true
+	 */
+	showPageSize?: boolean;
+	onPageChange?: (page: number) => void;
+	onLimitChange?: (limit: number) => void;
 	showTotalCount?: boolean;
 	totalCountLabel?: string;
 };
@@ -142,6 +148,8 @@ export type TanStackTableProps<TData> = {
 	enableQueryParams?: boolean | string | TanstackTableQueryParamsConfig;
 	pagination?: PaginationProps;
 	paginationClassname?: string;
+	/** Callback when sort changes. */
+	onSort?: (sort: SortState | null) => void;
 	onEndReached?: (index: number) => void;
 	/** Function to get the unique key for a row (before duplicate handling).
 	 * When set, enables automatic duplicate key detection and group-aware key composition. */

frontend/src/components/createGuardedRoute/createGuardedRoute.test.tsx

@@ -1,33 +1,16 @@
 import { ReactElement } from 'react';
 import type { RouteComponentProps } from 'react-router-dom';
-import {
+import type {
 	AuthtypesGettableTransactionDTO,
 	AuthtypesTransactionDTO,
 } from 'api/generated/services/sigNoz.schemas';
-import { ENVIRONMENT } from 'constants/env';
 import { server } from 'mocks-server/server';
 import { rest } from 'msw';
 import { render, screen, waitFor } from 'tests/test-utils';
+import { AUTHZ_CHECK_URL, authzMockResponse } from 'tests/authz-test-utils';
 
 import { createGuardedRoute } from './createGuardedRoute';
 
-const BASE_URL = ENVIRONMENT.baseURL || '';
-const AUTHZ_CHECK_URL = `${BASE_URL}/api/v1/authz/check`;
-
-function authzMockResponse(
-	payload: AuthtypesTransactionDTO[],
-	authorizedByIndex: boolean[],
-): { data: AuthtypesGettableTransactionDTO[]; status: string } {
-	return {
-		data: payload.map((txn, i) => ({
-			relation: txn.relation,
-			object: txn.object,
-			authorized: authorizedByIndex[i] ?? false,
-		})),
-		status: 'success',
-	};
-}
-
 describe('createGuardedRoute', () => {
 	const TestComponent = ({ testProp }: { testProp: string }): ReactElement => (
 		<div>Test Component: {testProp}</div>

frontend/src/components/createGuardedRoute/createGuardedRoute.tsx

@@ -34,7 +34,7 @@ function OnNoPermissionsFallback(response: {
 					<br />
 					Object: <span>{object}</span>
 					<br />
-					Ask your SigNoz administrator to grant access.
+					Please ask your SigNoz administrator to grant access.
 				</p>
 			</div>
 		</div>

frontend/src/constants/features.ts

@@ -10,4 +10,5 @@ export enum FeatureKeys {
 	ONBOARDING_V3 = 'onboarding_v3',
 	DOT_METRICS_ENABLED = 'dot_metrics_enabled',
 	USE_JSON_BODY = 'use_json_body',
+	USE_FINE_GRAINED_AUTHZ = 'use_fine_grained_authz',
 }

frontend/src/constants/queryBuilder.ts

@@ -431,6 +431,31 @@ export const OPERATORS = {
 	NOTILIKE: 'NOT_ILIKE',
 };
 
+/**
+ * Maps short-form InfraMonitoring operators to long-form display labels.
+ * InfraMonitoring backend uses short forms (NIN), UI displays long forms (NOT_IN).
+ */
+export const INFRA_SHORT_TO_LONG_OPERATOR_MAP: Record<string, string> = {
+	NIN: 'NOT_IN',
+	NLIKE: 'NOT_LIKE',
+	NOTILIKE: 'NOT_ILIKE',
+	NREGEX: 'NOT_REGEX',
+	NEXISTS: 'NOT_EXISTS',
+	NCONTAINS: 'NOT_CONTAINS',
+};
+
+/**
+ * Maps long-form operators to short-form for InfraMonitoring API.
+ */
+export const INFRA_LONG_TO_SHORT_OPERATOR_MAP: Record<string, string> = {
+	NOT_IN: 'NIN',
+	NOT_LIKE: 'NLIKE',
+	NOT_ILIKE: 'NOTILIKE',
+	NOT_REGEX: 'NREGEX',
+	NOT_EXISTS: 'NEXISTS',
+	NOT_CONTAINS: 'NCONTAINS',
+};
+
 export const QUERY_BUILDER_OPERATORS_BY_TYPES = {
 	string: [
 		OPERATORS['='],

frontend/src/container/FormAlertRules/ChQuerySection/ChQuerySection.tsx

@@ -1,16 +1,65 @@
+import { Callout } from '@signozhq/ui/callout';
 import ClickHouseQueryBuilder from 'container/NewWidget/LeftContainer/QuerySection/QueryBuilder/ClickHouse/query';
 import { useQueryBuilder } from 'hooks/queryBuilder/useQueryBuilder';
+import { AlertTypes } from 'types/api/alerts/alertTypes';
+import DOCLINKS from 'utils/docLinks';
 
-function ChQuerySection(): JSX.Element {
+import 'container/NewWidget/LeftContainer/QuerySection/QueryBuilder/ClickHouse/ClickHouse.styles.scss';
+
+const ALERT_TYPE_DOC_LINK: Partial<Record<AlertTypes, string>> = {
+	[AlertTypes.LOGS_BASED_ALERT]: DOCLINKS.QUERY_CLICKHOUSE_LOGS,
+	[AlertTypes.TRACES_BASED_ALERT]: DOCLINKS.QUERY_CLICKHOUSE_TRACES,
+	[AlertTypes.EXCEPTIONS_BASED_ALERT]: DOCLINKS.QUERY_CLICKHOUSE_TRACES,
+	[AlertTypes.METRICS_BASED_ALERT]: DOCLINKS.QUERY_CLICKHOUSE_METRICS,
+};
+
+const ALERT_TYPES_WITH_AGENT_SKILL: AlertTypes[] = [
+	AlertTypes.LOGS_BASED_ALERT,
+	AlertTypes.TRACES_BASED_ALERT,
+	AlertTypes.EXCEPTIONS_BASED_ALERT,
+];
+
+interface ChQuerySectionProps {
+	alertType: AlertTypes;
+}
+
+function ChQuerySection({ alertType }: ChQuerySectionProps): JSX.Element {
 	const { currentQuery } = useQueryBuilder();
+	const docLink = ALERT_TYPE_DOC_LINK[alertType];
+	const showAgentSkill = ALERT_TYPES_WITH_AGENT_SKILL.includes(alertType);
 
 	return (
-		<ClickHouseQueryBuilder
-			key="A"
-			queryIndex={0}
-			queryData={currentQuery.clickhouse_sql[0]}
-			deletable={false}
-		/>
+		<>
+			{docLink && (
+				<div className="info-banner-wrapper">
+					<Callout
+						type="info"
+						showIcon
+						title={
+							<span>
+								<a href={docLink} target="_blank" rel="noopener">
+									Learn to write faster, optimized queries
+								</a>
+								{showAgentSkill && (
+									<>
+										{' · Using AI? '}
+										<a href={DOCLINKS.AGENT_SKILL_INSTALL} target="_blank" rel="noopener">
+											Install the SigNoz ClickHouse query agent skill
+										</a>
+									</>
+								)}
+							</span>
+						}
+					/>
+				</div>
+			)}
+			<ClickHouseQueryBuilder
+				key="A"
+				queryIndex={0}
+				queryData={currentQuery.clickhouse_sql[0]}
+				deletable={false}
+			/>
+		</>
 	);
 }
 

frontend/src/container/FormAlertRules/QuerySection.tsx

@@ -56,7 +56,9 @@ function QuerySection({
 
 	const renderPromqlUI = (): JSX.Element => <PromqlSection />;
 
-	const renderChQueryUI = (): JSX.Element => <ChQuerySection />;
+	const renderChQueryUI = (): JSX.Element => (
+		<ChQuerySection alertType={alertType} />
+	);
 
 	const isDarkMode = useIsDarkMode();
 

frontend/src/container/FormAlertRules/index.tsx

@@ -5,7 +5,8 @@ import { useQueryClient } from 'react-query';
 import { useSelector } from 'react-redux';
 import { useLocation } from 'react-router-dom';
 import { BellDot, CircleAlert, ExternalLink, Save } from '@signozhq/icons';
-import { Button, FormInstance, Modal, SelectProps } from 'antd';
+import { Button, FormInstance, SelectProps } from 'antd';
+import { ConfirmDialog } from '@signozhq/ui/dialog';
 import { Typography } from '@signozhq/ui/typography';
 import logEvent from 'api/common/logEvent';
 import { convertToApiError } from 'api/ErrorResponseHandlerForGeneratedAPIs';
@@ -162,6 +163,7 @@ function FormAlertRules({
 	const alertTypeFromURL = urlQuery.get(QueryParams.ruleType);
 
 	const [detectionMethod, setDetectionMethod] = useState<string | null>(null);
+	const [isConfirmSaveOpen, setIsConfirmSaveOpen] = useState(false);
 
 	useEffect(() => {
 		if (!isEqual(currentQuery.unit, yAxisUnit)) {
@@ -577,19 +579,16 @@ function FormAlertRules({
 			});
 
 			// invalidate rule in cache
-			ruleCache.invalidateQueries([
+			await ruleCache.invalidateQueries([
 				REACT_QUERY_KEY.ALERT_RULE_DETAILS,
 				`${ruleId}`,
 			]);
 
-			// eslint-disable-next-line sonarjs/no-identical-functions
-			setTimeout(() => {
-				urlQuery.delete(QueryParams.compositeQuery);
-				urlQuery.delete(QueryParams.panelTypes);
-				urlQuery.delete(QueryParams.ruleId);
-				urlQuery.delete(QueryParams.relativeTime);
-				safeNavigate(`${ROUTES.LIST_ALL_ALERT}?${urlQuery.toString()}`);
-			}, 2000);
+			urlQuery.delete(QueryParams.compositeQuery);
+			urlQuery.delete(QueryParams.panelTypes);
+			urlQuery.delete(QueryParams.ruleId);
+			urlQuery.delete(QueryParams.relativeTime);
+			safeNavigate(`${ROUTES.LIST_ALL_ALERT}?${urlQuery.toString()}`);
 		} catch (e) {
 			const apiError = convertToApiError(e as AxiosError<RenderErrorResponseDTO>);
 			logData = {
@@ -625,24 +624,9 @@ function FormAlertRules({
 		urlQuery,
 	]);
 
-	const onSaveHandler = useCallback(async () => {
-		const content = (
-			<Typography.Text>
-				{' '}
-				{t('confirm_save_content_part1')}{' '}
-				<QueryTypeTag queryType={currentQuery.queryType} />{' '}
-				{t('confirm_save_content_part2')}
-			</Typography.Text>
-		);
-		Modal.confirm({
-			icon: <CircleAlert size="md" />,
-			title: t('confirm_save_title'),
-			centered: true,
-			content,
-			onOk: saveRule,
-			className: 'create-alert-modal',
-		});
-	}, [t, saveRule, currentQuery]);
+	const onSaveHandler = useCallback(() => {
+		setIsConfirmSaveOpen(true);
+	}, []);
 
 	const onTestRuleHandler = useCallback(async () => {
 		if (!isFormValid()) {
@@ -988,6 +972,27 @@ function FormAlertRules({
 					</ButtonContainer>
 				</MainFormContainer>
 			</div>
+
+			<ConfirmDialog
+				open={isConfirmSaveOpen}
+				onOpenChange={setIsConfirmSaveOpen}
+				title={t('confirm_save_title')}
+				titleIcon={<CircleAlert size={14} />}
+				confirmText="OK"
+				confirmColor="primary"
+				onConfirm={async (): Promise<boolean> => {
+					await saveRule();
+					return true;
+				}}
+				onCancel={() => setIsConfirmSaveOpen(false)}
+				width="narrow"
+			>
+				<Typography.Text>
+					{t('confirm_save_content_part1')}{' '}
+					<QueryTypeTag queryType={currentQuery.queryType} />{' '}
+					{t('confirm_save_content_part2')}
+				</Typography.Text>
+			</ConfirmDialog>
 		</>
 	);
 }

frontend/src/container/InfraMonitoringK8s/Base/K8sBaseDetails.tsx

@@ -12,6 +12,8 @@ import { Button, Divider, Drawer, Radio, Tooltip } from 'antd';
 import { Typography } from '@signozhq/ui/typography';
 import type { RadioChangeEvent } from 'antd/lib';
 import logEvent from 'api/common/logEvent';
+import { combineInitialAndUserExpression } from 'components/QueryBuilderV2/QueryV2/QuerySearch/utils';
+import { convertFiltersToExpression } from 'components/QueryBuilderV2/utils';
 import { InfraMonitoringEvents } from 'constants/events';
 import { QueryParams } from 'constants/query';
 import {
@@ -25,7 +27,6 @@ import {
 	Time,
 } from 'container/TopNav/DateTimeSelectionV2/types';
 import { useIsDarkMode } from 'hooks/useDarkMode';
-import useUrlQuery from 'hooks/useUrlQuery';
 import { GetQueryResultsProps } from 'lib/dashboard/getQueryResults';
 import GetMinMax from 'lib/getMinMax';
 import {
@@ -41,7 +42,6 @@ import { isCustomTimeRange, useGlobalTimeStore } from 'store/globalTime';
 import { NANO_SECOND_MULTIPLIER } from 'store/globalTime/utils';
 import { DataTypes } from 'types/api/queryBuilder/queryAutocompleteResponse';
 import {
-	IBuilderQuery,
 	TagFilter,
 	TagFilterItem,
 } from 'types/api/queryBuilder/queryBuilderData';
@@ -52,15 +52,15 @@ import {
 import { openInNewTab } from 'utils/navigation';
 import { v4 as uuidv4 } from 'uuid';
 
-import { filterDuplicateFilters } from '../commonUtils';
-import { InfraMonitoringEntity, VIEW_TYPES, VIEWS } from '../constants';
+import { InfraMonitoringEntity, VIEW_TYPES } from '../constants';
 import EntityContainers from '../EntityDetailsUtils/EntityContainers';
 import EntityEvents from '../EntityDetailsUtils/EntityEvents';
 import EntityLogs from '../EntityDetailsUtils/EntityLogs';
+import { K8S_ENTITY_LOGS_EXPRESSION_KEY } from '../EntityDetailsUtils/EntityLogs/hooks';
 import EntityMetrics from '../EntityDetailsUtils/EntityMetrics';
 import EntityProcesses from '../EntityDetailsUtils/EntityProcesses';
 import EntityTraces from '../EntityDetailsUtils/EntityTraces';
-import { QUERY_KEYS } from '../EntityDetailsUtils/utils';
+import { K8S_ENTITY_TRACES_EXPRESSION_KEY } from '../EntityDetailsUtils/EntityTraces/hooks';
 import {
 	useInfraMonitoringEventsFilters,
 	useInfraMonitoringLogFilters,
@@ -71,6 +71,7 @@ import {
 import LoadingContainer from '../LoadingContainer';
 
 import '../EntityDetailsUtils/entityDetails.styles.scss';
+import { parseAsString, useQueryState } from 'nuqs';
 
 const TimeRangeOffset = 1000000000;
 
@@ -99,6 +100,9 @@ export interface K8sBaseDetailsProps<T> {
 	getEntityName: (entity: T) => string;
 	getInitialLogTracesFilters: (entity: T) => TagFilterItem[];
 	getInitialEventsFilters: (entity: T) => TagFilterItem[];
+	/**
+	 * @deprecated It's not needed anymore, remove in the next PR
+	 */
 	primaryFilterKeys: string[];
 	metadataConfig: K8sDetailsMetadataConfig<T>[];
 	entityWidgetInfo: {
@@ -157,7 +161,7 @@ export function createFilterItem(
 }
 
 // eslint-disable-next-line sonarjs/cognitive-complexity
-function K8sBaseDetails<T>({
+export default function K8sBaseDetails<T>({
 	category,
 	eventCategory,
 	getSelectedItemFilters,
@@ -165,7 +169,6 @@ function K8sBaseDetails<T>({
 	getEntityName,
 	getInitialLogTracesFilters,
 	getInitialEventsFilters,
-	primaryFilterKeys,
 	metadataConfig,
 	entityWidgetInfo,
 	getEntityQueryPayload,
@@ -174,6 +177,85 @@ function K8sBaseDetails<T>({
 	tabsConfig,
 	customTabs,
 }: K8sBaseDetailsProps<T>): JSX.Element {
+	const selectedTime = useGlobalTimeStore((s) => s.selectedTime);
+	const getMinMaxTime = useGlobalTimeStore((s) => s.getMinMaxTime);
+	const lastComputedMinMax = useGlobalTimeStore((s) => s.lastComputedMinMax);
+	const getAutoRefreshQueryKey = useGlobalTimeStore(
+		(s) => s.getAutoRefreshQueryKey,
+	);
+
+	const isDarkMode = useIsDarkMode();
+
+	const [selectedItem, setSelectedItem] = useInfraMonitoringSelectedItem();
+
+	const entityQueryKey = useMemo(
+		() =>
+			getAutoRefreshQueryKey(
+				selectedTime,
+				`${queryKeyPrefix}EntityDetails`,
+				selectedItem,
+			),
+		[queryKeyPrefix, selectedItem, selectedTime, getAutoRefreshQueryKey],
+	);
+
+	const {
+		data: entityResponse,
+		isLoading: isEntityLoading,
+		isError: isEntityError,
+		error: entityError,
+	} = useQuery({
+		queryKey: entityQueryKey,
+		queryFn: ({ signal }) => {
+			if (!selectedItem) {
+				return { data: null };
+			}
+			const filters = getSelectedItemFilters(selectedItem);
+			const { minTime, maxTime } = getMinMaxTime();
+
+			return fetchEntityData(
+				{
+					filters,
+					start: Math.floor(minTime / NANO_SECOND_MULTIPLIER),
+					end: Math.floor(maxTime / NANO_SECOND_MULTIPLIER),
+				},
+				signal,
+			);
+		},
+		enabled: !!selectedItem,
+	});
+
+	const entity = entityResponse?.data ?? null;
+	const hasResponseError = !!entityResponse?.error;
+
+	const logsAndTracesInitialExpression = useMemo(() => {
+		if (!entity) {
+			return '';
+		}
+		const primaryFiltersOnly = {
+			op: 'AND' as const,
+			items: getInitialLogTracesFilters(entity),
+		};
+		return convertFiltersToExpression(primaryFiltersOnly).expression;
+	}, [entity, getInitialLogTracesFilters]);
+
+	const eventsInitialExpression = useMemo(() => {
+		if (!entity) {
+			return '';
+		}
+		const primaryFiltersOnly = {
+			op: 'AND' as const,
+			items: getInitialEventsFilters(entity),
+		};
+		return convertFiltersToExpression(primaryFiltersOnly).expression;
+	}, [entity, getInitialEventsFilters]);
+
+	const handleClose = useCallback((): void => {
+		setSelectedItem(null);
+	}, [setSelectedItem]);
+
+	const entityName = entity ? getEntityName(entity) : '';
+
+	// Content state (previously in K8sBaseDetailsContent)
 	const tabVisibility = useMemo(
 		() => ({
 			showMetrics: true,
@@ -187,13 +269,6 @@ function K8sBaseDetails<T>({
 		[tabsConfig],
 	);
 
-	const selectedTime = useGlobalTimeStore((s) => s.selectedTime);
-	const lastComputedMinMax = useGlobalTimeStore((s) => s.lastComputedMinMax);
-	const getMinMaxTime = useGlobalTimeStore((s) => s.getMinMaxTime);
-	const getAutoRefreshQueryKey = useGlobalTimeStore(
-		(s) => s.getAutoRefreshQueryKey,
-	);
-
 	const { startMs, endMs } = useMemo(
 		() => ({
 			startMs: Math.floor(lastComputedMinMax.minTime / NANO_SECOND_MULTIPLIER),
@@ -220,102 +295,17 @@ function K8sBaseDetails<T>({
 	const [selectedView, setSelectedView] = useInfraMonitoringView();
 	const effectiveView = hideDetailViewTabs ? VIEW_TYPES.METRICS : selectedView;
 
-	const [logFiltersParam, setLogFiltersParam] = useInfraMonitoringLogFilters();
-	const [tracesFiltersParam, setTracesFiltersParam] =
-		useInfraMonitoringTracesFilters();
-	const [eventsFiltersParam, setEventsFiltersParam] =
-		useInfraMonitoringEventsFilters();
-	const isDarkMode = useIsDarkMode();
-
-	const [selectedItem, setSelectedItem] = useInfraMonitoringSelectedItem();
-	const urlQuery = useUrlQuery();
-
-	useEffect(() => {
-		if (
-			hideDetailViewTabs &&
-			selectedItem &&
-			selectedView !== VIEW_TYPES.METRICS
-		) {
-			setSelectedView(VIEW_TYPES.METRICS);
-		}
-	}, [hideDetailViewTabs, selectedItem, selectedView, setSelectedView]);
-
-	const entityQueryKey = useMemo(
-		() =>
-			getAutoRefreshQueryKey(
-				selectedTime,
-				`${queryKeyPrefix}EntityDetails`,
-				selectedItem,
-			),
-		[getAutoRefreshQueryKey, queryKeyPrefix, selectedItem, selectedTime],
+	const [, setLogFiltersParam] = useInfraMonitoringLogFilters();
+	const [, setTracesFiltersParam] = useInfraMonitoringTracesFilters();
+	const [, setEventsFiltersParam] = useInfraMonitoringEventsFilters();
+	const [userLogsExpression] = useQueryState(
+		K8S_ENTITY_LOGS_EXPRESSION_KEY,
+		parseAsString,
+	);
+	const [userTracesExpression] = useQueryState(
+		K8S_ENTITY_TRACES_EXPRESSION_KEY,
+		parseAsString,
 	);
-
-	const {
-		data: entityResponse,
-		isLoading: isEntityLoading,
-		isError: isEntityError,
-	} = useQuery({
-		queryKey: entityQueryKey,
-		queryFn: ({ signal }) => {
-			if (!selectedItem) {
-				return { data: null };
-			}
-			const filters = getSelectedItemFilters(selectedItem);
-			const { minTime, maxTime } = getMinMaxTime();
-
-			return fetchEntityData(
-				{
-					filters,
-					start: Math.floor(minTime / NANO_SECOND_MULTIPLIER),
-					end: Math.floor(maxTime / NANO_SECOND_MULTIPLIER),
-				},
-				signal,
-			);
-		},
-		enabled: !!selectedItem,
-	});
-
-	const entity = entityResponse?.data ?? null;
-
-	const initialFilters = useMemo(() => {
-		const filters =
-			effectiveView === VIEW_TYPES.LOGS ? logFiltersParam : tracesFiltersParam;
-		if (filters) {
-			return filters;
-		}
-		if (!entity) {
-			return { op: 'AND', items: [] };
-		}
-		return {
-			op: 'AND',
-			items: getInitialLogTracesFilters(entity),
-		};
-	}, [
-		entity,
-		effectiveView,
-		logFiltersParam,
-		tracesFiltersParam,
-		getInitialLogTracesFilters,
-	]);
-
-	const initialEventsFilters = useMemo(() => {
-		if (eventsFiltersParam) {
-			return eventsFiltersParam;
-		}
-		if (!entity) {
-			return { op: 'AND', items: [] };
-		}
-		return {
-			op: 'AND',
-			items: getInitialEventsFilters(entity),
-		};
-	}, [entity, eventsFiltersParam, getInitialEventsFilters]);
-
-	const [logsAndTracesFilters, setLogsAndTracesFilters] =
-		useState<IBuilderQuery['filters']>(initialFilters);
-
-	const [eventsFilters, setEventsFilters] =
-		useState<IBuilderQuery['filters']>(initialEventsFilters);
 
 	useEffect(() => {
 		if (entity) {
@@ -327,11 +317,6 @@ function K8sBaseDetails<T>({
 		}
 	}, [entity, eventCategory]);
 
-	useEffect(() => {
-		setLogsAndTracesFilters(initialFilters);
-		setEventsFilters(initialEventsFilters);
-	}, [initialFilters, initialEventsFilters]);
-
 	useEffect(() => {
 		const currentSelectedInterval = lastSelectedInterval.current || selectedTime;
 		if (!isCustomTimeRange(currentSelectedInterval)) {
@@ -388,143 +373,9 @@ function K8sBaseDetails<T>({
 		[eventCategory, effectiveView],
 	);
 
-	const handleChangeLogFilters = useCallback(
-		(value: IBuilderQuery['filters'], view: VIEWS) => {
-			setLogsAndTracesFilters((prevFilters) => {
-				const primaryFilters = prevFilters?.items?.filter((item) =>
-					primaryFilterKeys.includes(item.key?.key ?? ''),
-				);
-				const paginationFilter = value?.items?.find(
-					(item) => item.key?.key === 'id',
-				);
-				const newFilters = value?.items?.filter(
-					(item) =>
-						item.key?.key !== 'id' &&
-						!primaryFilterKeys.includes(item.key?.key ?? ''),
-				);
-
-				if (newFilters && newFilters?.length > 0) {
-					logEvent(InfraMonitoringEvents.FilterApplied, {
-						entity: InfraMonitoringEvents.K8sEntity,
-						page: InfraMonitoringEvents.DetailedPage,
-						category: eventCategory,
-						view: selectedView,
-					});
-				}
-
-				const updatedFilters = {
-					op: 'AND',
-					items: filterDuplicateFilters(
-						[
-							...(primaryFilters || []),
-							...(newFilters || []),
-							...(paginationFilter ? [paginationFilter] : []),
-						].filter((item): item is TagFilterItem => item !== undefined),
-					),
-				};
-
-				setLogFiltersParam(updatedFilters);
-				setSelectedView(view);
-
-				return updatedFilters;
-			});
-		},
-		[
-			setLogFiltersParam,
-			setSelectedView,
-			primaryFilterKeys,
-			eventCategory,
-			selectedView,
-		],
-	);
-
-	const handleChangeTracesFilters = useCallback(
-		(value: IBuilderQuery['filters'], view: VIEWS) => {
-			setLogsAndTracesFilters((prevFilters) => {
-				const primaryFilters = prevFilters?.items?.filter((item) =>
-					primaryFilterKeys.includes(item.key?.key ?? ''),
-				);
-
-				if (value?.items && value?.items?.length > 0) {
-					logEvent(InfraMonitoringEvents.FilterApplied, {
-						entity: InfraMonitoringEvents.K8sEntity,
-						page: InfraMonitoringEvents.DetailedPage,
-						category: eventCategory,
-						view: selectedView,
-					});
-				}
-
-				const updatedFilters = {
-					op: 'AND',
-					items: filterDuplicateFilters(
-						[
-							...(primaryFilters || []),
-							...(value?.items?.filter(
-								(item) => !primaryFilterKeys.includes(item.key?.key ?? ''),
-							) || []),
-						].filter((item): item is TagFilterItem => item !== undefined),
-					),
-				};
-
-				setTracesFiltersParam(updatedFilters);
-				setSelectedView(view);
-
-				return updatedFilters;
-			});
-		},
-		[
-			setTracesFiltersParam,
-			setSelectedView,
-			primaryFilterKeys,
-			eventCategory,
-			selectedView,
-		],
-	);
-
-	const handleChangeEventsFilters = useCallback(
-		(value: IBuilderQuery['filters'], view: VIEWS) => {
-			setEventsFilters((prevFilters) => {
-				const kindFilter = prevFilters?.items?.find(
-					(item) => item.key?.key === QUERY_KEYS.K8S_OBJECT_KIND,
-				);
-				const nameFilter = prevFilters?.items?.find(
-					(item) => item.key?.key === QUERY_KEYS.K8S_OBJECT_NAME,
-				);
-
-				if (value?.items && value?.items?.length > 0) {
-					logEvent(InfraMonitoringEvents.FilterApplied, {
-						entity: InfraMonitoringEvents.K8sEntity,
-						page: InfraMonitoringEvents.DetailedPage,
-						category: eventCategory,
-						view: selectedView,
-					});
-				}
-
-				const updatedFilters = {
-					op: 'AND',
-					items: filterDuplicateFilters(
-						[
-							kindFilter,
-							nameFilter,
-							...(value?.items?.filter(
-								(item) =>
-									item.key?.key !== QUERY_KEYS.K8S_OBJECT_KIND &&
-									item.key?.key !== QUERY_KEYS.K8S_OBJECT_NAME,
-							) || []),
-						].filter((item): item is TagFilterItem => item !== undefined),
-					),
-				};
-
-				setEventsFiltersParam(updatedFilters);
-				setSelectedView(view);
-
-				return updatedFilters;
-			});
-		},
-		[eventCategory, selectedView, setEventsFiltersParam, setSelectedView],
-	);
-
 	const handleExplorePagesRedirect = (): void => {
+		const urlQuery = new URLSearchParams();
+
 		if (selectedInterval !== 'custom') {
 			urlQuery.set(QueryParams.relativeTime, selectedInterval);
 		} else {
@@ -541,12 +392,10 @@ function K8sBaseDetails<T>({
 		});
 
 		if (selectedView === VIEW_TYPES.LOGS) {
-			const filtersWithoutPagination = {
-				...logsAndTracesFilters,
-				items:
-					logsAndTracesFilters?.items?.filter((item) => item.key?.key !== 'id') ||
-					[],
-			};
+			const fullExpression = combineInitialAndUserExpression(
+				logsAndTracesInitialExpression,
+				userLogsExpression || '',
+			);
 
 			const compositeQuery = {
 				...initialQueryState,
@@ -557,7 +406,8 @@ function K8sBaseDetails<T>({
 						{
 							...initialQueryBuilderFormValuesMap.logs,
 							aggregateOperator: LogsAggregatorOperator.NOOP,
-							filters: filtersWithoutPagination,
+							expression: fullExpression,
+							filter: { expression: fullExpression },
 						},
 					],
 				},
@@ -567,6 +417,11 @@ function K8sBaseDetails<T>({
 
 			openInNewTab(`${ROUTES.LOGS_EXPLORER}?${urlQuery.toString()}`);
 		} else if (selectedView === VIEW_TYPES.TRACES) {
+			const fullExpression = combineInitialAndUserExpression(
+				logsAndTracesInitialExpression,
+				userTracesExpression || '',
+			);
+
 			const compositeQuery = {
 				...initialQueryState,
 				queryType: 'builder',
@@ -576,7 +431,8 @@ function K8sBaseDetails<T>({
 						{
 							...initialQueryBuilderFormValuesMap.traces,
 							aggregateOperator: TracesAggregatorOperator.NOOP,
-							filters: logsAndTracesFilters,
+							expression: fullExpression,
+							filter: { expression: fullExpression },
 						},
 					],
 				},
@@ -588,25 +444,19 @@ function K8sBaseDetails<T>({
 		}
 	};
 
-	const handleClose = (): void => {
-		lastSelectedInterval.current = null;
-
-		setSelectedItem(null);
-		setSelectedView(null);
-		setTracesFiltersParam(null);
-		setEventsFiltersParam(null);
-		setLogFiltersParam(null);
-	};
-
-	const entityName = entity ? getEntityName(entity) : '';
-
 	return (
 		<Drawer
 			width="70%"
 			title={
 				<>
 					<Divider type="vertical" />
-					<Typography.Text className="title">{entityName}</Typography.Text>
+					<Typography.Text className="title">
+						{entityName ||
+							((isEntityError || hasResponseError) &&
+								'Failed to load entity details') ||
+							(isEntityLoading && 'Loading...') ||
+							'-'}
+					</Typography.Text>
 				</>
 			}
 			placement="right"
@@ -621,12 +471,17 @@ function K8sBaseDetails<T>({
 			closeIcon={<X size={16} style={{ marginTop: Spacing.MARGIN_1 }} />}
 		>
 			{isEntityLoading && <LoadingContainer />}
-			{isEntityError && (
-				<Typography.Text color="danger">
-					{entityResponse?.error || 'Failed to load entity details'}
-				</Typography.Text>
+			{(isEntityError || hasResponseError) && (
+				<div className="entity-error-container">
+					<Typography.Text color="danger">
+						{entityResponse?.error ||
+							(entityError instanceof Error
+								? entityError.message
+								: 'Failed to load entity details')}
+					</Typography.Text>
+				</div>
 			)}
-			{entity && !isEntityLoading && (
+			{entity && !isEntityLoading && !hasResponseError && (
 				<>
 					<div className="entity-detail-drawer__entity">
 						<div className="entity-details-grid">
@@ -762,13 +617,23 @@ function K8sBaseDetails<T>({
 								))}
 							</Radio.Group>
 
-							{(selectedView === VIEW_TYPES.LOGS ||
-								selectedView === VIEW_TYPES.TRACES) && (
-								<Button
-									icon={<Compass size={18} />}
-									className="compass-button"
-									onClick={handleExplorePagesRedirect}
-								/>
+							{selectedView === VIEW_TYPES.LOGS && (
+								<Tooltip title="Go to Logs Explorer" placement="left">
+									<Button
+										icon={<Compass size={18} />}
+										className="compass-button"
+										onClick={handleExplorePagesRedirect}
+									/>
+								</Tooltip>
+							)}
+							{selectedView === VIEW_TYPES.TRACES && (
+								<Tooltip title="Go to Traces Explorer" placement="left">
+									<Button
+										icon={<Compass size={18} />}
+										className="compass-button"
+										onClick={handleExplorePagesRedirect}
+									/>
+								</Tooltip>
 							)}
 						</div>
 					)}
@@ -791,12 +656,10 @@ function K8sBaseDetails<T>({
 							timeRange={modalTimeRange}
 							isModalTimeSelection
 							handleTimeChange={handleTimeChange}
-							handleChangeLogFilters={handleChangeLogFilters}
-							logFilters={logsAndTracesFilters}
 							selectedInterval={selectedInterval}
-							queryKeyFilters={primaryFilterKeys}
 							queryKey={`${queryKeyPrefix}Logs`}
 							category={category}
+							initialExpression={logsAndTracesInitialExpression}
 						/>
 					)}
 					{effectiveView === VIEW_TYPES.TRACES && (
@@ -804,12 +667,10 @@ function K8sBaseDetails<T>({
 							timeRange={modalTimeRange}
 							isModalTimeSelection
 							handleTimeChange={handleTimeChange}
-							handleChangeTracesFilters={handleChangeTracesFilters}
-							tracesFilters={logsAndTracesFilters}
 							selectedInterval={selectedInterval}
 							queryKey={`${queryKeyPrefix}Traces`}
-							category={eventCategory}
-							queryKeyFilters={primaryFilterKeys}
+							category={category}
+							initialExpression={logsAndTracesInitialExpression}
 						/>
 					)}
 					{effectiveView === VIEW_TYPES.EVENTS && tabVisibility.showEvents && (
@@ -817,11 +678,10 @@ function K8sBaseDetails<T>({
 							timeRange={modalTimeRange}
 							isModalTimeSelection
 							handleTimeChange={handleTimeChange}
-							handleChangeEventFilters={handleChangeEventsFilters}
-							filters={eventsFilters}
 							selectedInterval={selectedInterval}
 							category={category}
 							queryKey={`${queryKeyPrefix}Events`}
+							initialExpression={eventsInitialExpression}
 						/>
 					)}
 					{effectiveView === VIEW_TYPES.CONTAINERS &&
@@ -846,5 +706,3 @@ function K8sBaseDetails<T>({
 		</Drawer>
 	);
 }
-
-export default K8sBaseDetails;

frontend/src/container/InfraMonitoringK8s/EntityDetailsUtils/EntityEmptyState/EntityEmptyState.module.scss

@@ -0,0 +1,32 @@
+.container {
+	display: flex;
+	flex-direction: column;
+	justify-content: center;
+	align-items: center;
+	height: 240px;
+}
+
+.content {
+	display: flex;
+	flex-direction: column;
+	gap: 4px;
+	color: var(--muted-foreground);
+	font-size: 14px;
+	font-weight: 400;
+	line-height: 18px;
+	letter-spacing: -0.07px;
+}
+
+.icon {
+	height: 32px;
+	width: 32px;
+}
+
+.title {
+	font-weight: 600;
+}
+
+.subtitle {
+	font-weight: 400;
+	color: var(--muted-foreground);
+}

frontend/src/container/InfraMonitoringK8s/EntityDetailsUtils/EntityEmptyState/EntityEmptyState.tsx

@@ -0,0 +1,32 @@
+import { Typography } from '@signozhq/ui/typography';
+
+import emptyStateUrl from '@/assets/Icons/emptyState.svg';
+
+import styles from './EntityEmptyState.module.scss';
+
+interface EntityEmptyStateProps {
+	hasFilters: boolean;
+}
+
+export default function EntityEmptyState({
+	hasFilters,
+}: EntityEmptyStateProps): JSX.Element {
+	return (
+		<div className={styles.container}>
+			<div className={styles.content}>
+				<img src={emptyStateUrl} alt="empty-state" className={styles.icon} />
+				{hasFilters ? (
+					<Typography.Text>
+						<span className={styles.title}>This query had no results. </span>
+						Edit your query and try again!
+					</Typography.Text>
+				) : (
+					<Typography.Text>
+						<span className={styles.title}>No data yet. </span>
+						When we receive data, it will show up here.
+					</Typography.Text>
+				)}
+			</div>
+		</div>
+	);
+}

frontend/src/container/InfraMonitoringK8s/EntityDetailsUtils/EntityError/EntityError.module.scss

@@ -0,0 +1,40 @@
+.container {
+	display: flex;
+	flex-direction: column;
+	justify-content: center;
+	align-items: center;
+	height: 240px;
+}
+
+.content {
+	display: flex;
+	flex-direction: column;
+	gap: 4px;
+	color: var(--muted-foreground);
+	font-size: 14px;
+	font-weight: 400;
+	line-height: 18px;
+	letter-spacing: -0.07px;
+}
+
+.icon {
+	height: 32px;
+	width: 32px;
+}
+
+.title {
+	font-weight: 600;
+}
+
+.contactSupport {
+	display: flex;
+	align-items: center;
+	margin-top: 8px;
+	gap: 4px;
+	cursor: pointer;
+}
+
+.contactSupportText {
+	color: var(--text-robin-400);
+	font-weight: 500;
+}

frontend/src/container/InfraMonitoringK8s/EntityDetailsUtils/EntityError/EntityError.tsx

@@ -0,0 +1,50 @@
+import { Typography } from '@signozhq/ui/typography';
+import { useGetTenantLicense } from 'hooks/useGetTenantLicense';
+import history from 'lib/history';
+import { ArrowRight } from '@signozhq/icons';
+import { openInNewTab } from 'utils/navigation';
+
+import awwSnapUrl from '@/assets/Icons/awwSnap.svg';
+
+import styles from './EntityError.module.scss';
+
+export default function EntityError(): JSX.Element {
+	const { isCloudUser: isCloudUserVal } = useGetTenantLicense();
+
+	const handleContactSupport = (): void => {
+		if (isCloudUserVal) {
+			history.push('/support');
+		} else {
+			openInNewTab('https://signoz.io/slack');
+		}
+	};
+
+	return (
+		<div className={styles.container}>
+			<div className={styles.content}>
+				<img src={awwSnapUrl} alt="error" className={styles.icon} />
+				<Typography.Text>
+					<span className={styles.title}>Aw snap :/ </span>
+					Something went wrong. Please try again or contact support.
+				</Typography.Text>
+
+				<div
+					className={styles.contactSupport}
+					onClick={handleContactSupport}
+					role="button"
+					tabIndex={0}
+					onKeyDown={(e): void => {
+						if (e.key === 'Enter') {
+							handleContactSupport();
+						}
+					}}
+				>
+					<Typography.Link className={styles.contactSupportText}>
+						Contact Support
+					</Typography.Link>
+					<ArrowRight size={14} />
+				</div>
+			</div>
+		</div>
+	);
+}

frontend/src/container/InfraMonitoringK8s/EntityDetailsUtils/EntityEvents/EntityEvents.module.scss

@@ -0,0 +1,101 @@
+.container {
+	margin-top: 1rem;
+}
+
+.filterContainer {
+	display: flex;
+	flex-direction: column;
+	gap: 8px;
+	padding: var(--spacing-6);
+	border-radius: var(--radius);
+	border: 1px solid var(--l1-border);
+
+	:global(.ant-select-selector) {
+		border-radius: 2px;
+		border: 1px solid var(--l1-border) !important;
+		background-color: var(--l3-background) !important;
+
+		input {
+			font-size: 12px;
+		}
+
+		:global(.ant-tag .ant-typography) {
+			font-size: 12px;
+		}
+	}
+}
+
+.filterContainerTime {
+	display: flex;
+	justify-content: flex-end;
+	align-items: center;
+	gap: 8px;
+}
+
+.filterQuerySearch {
+	flex: 1;
+}
+
+.controls {
+	width: 100%;
+	display: flex;
+	justify-content: flex-end;
+}
+
+.eventsTable {
+	margin-top: var(--spacing-8);
+
+	:global(.ant-table) {
+		:global(.ant-table-thead) > tr > th {
+			padding: 12px;
+			font-weight: 500;
+			font-size: 11px;
+			line-height: 18px;
+			background: var(--card);
+			border-bottom: none;
+			color: var(--l2-foreground);
+			font-family: Inter;
+			font-style: normal;
+			font-weight: 600;
+			letter-spacing: 0.44px;
+			text-transform: uppercase;
+
+			&::before {
+				background-color: transparent;
+			}
+		}
+
+		:global(.ant-table-cell) {
+			padding: 12px;
+			font-size: 13px;
+			line-height: 20px;
+			color: var(--l1-foreground);
+			background: var(--card);
+			border-bottom: none;
+		}
+
+		:global(.ant-table-tbody) > tr:hover > td {
+			background: color-mix(in srgb, var(--l1-foreground) 4%, transparent);
+		}
+
+		:global(.ant-table-tbody) > tr > td {
+			border-bottom: none;
+		}
+
+		:global(.ant-table-thead)
+			> tr
+			> th:not(:last-child):not(:global(.ant-table-selection-column)):not(
+				:global(.ant-table-row-expand-icon-cell)
+			):not([colspan])::before {
+			background-color: transparent;
+		}
+
+		:global(.ant-empty-normal) {
+			visibility: hidden;
+		}
+	}
+}
+
+.expandIcon {
+	cursor: pointer;
+}

frontend/src/container/InfraMonitoringK8s/EntityDetailsUtils/EntityEvents/EntityEvents.tsx

@@ -1,226 +1,184 @@
-import { useEffect, useMemo, useState } from 'react';
-import { useQuery } from 'react-query';
-import { Color } from '@signozhq/design-tokens';
-import { Button, Table, TableColumnsType } from 'antd';
-import { DEFAULT_ENTITY_VERSION } from 'constants/app';
-import { EventContents } from 'container/InfraMonitoringK8s/commonUtils';
-import { VIEWS } from 'container/InfraMonitoringK8s/constants';
+import { useCallback, useEffect, useMemo } from 'react';
+import { Table, TableColumnsType } from 'antd';
+import logEvent from 'api/common/logEvent';
+import {
+	QuerySearchV2Provider,
+	useExpression,
+	useInitialExpression,
+	useInputExpression,
+	useQuerySearchInitialExpressionProp,
+	useQuerySearchOnChange,
+	useQuerySearchOnRun,
+	useUserExpression,
+} from 'components/QueryBuilderV2';
+import QuerySearch from 'components/QueryBuilderV2/QueryV2/QuerySearch/QuerySearch';
+import {
+	combineInitialAndUserExpression,
+	getUserExpressionFromCombined,
+} from 'components/QueryBuilderV2/QueryV2/QuerySearch/utils';
+import { InfraMonitoringEvents } from 'constants/events';
+import Controls from 'container/Controls';
 import { InfraMonitoringEntity } from 'container/InfraMonitoringK8s/constants';
 import LoadingContainer from 'container/InfraMonitoringK8s/LoadingContainer';
-import { INITIAL_PAGE_SIZE } from 'container/LogsContextList/configs';
-import LogsError from 'container/LogsError/LogsError';
-import { ORDERBY_FILTERS } from 'container/QueryBuilder/filters/OrderByFilter/config';
-import QueryBuilderSearch from 'container/QueryBuilder/filters/QueryBuilderSearch';
+import RunQueryBtn from 'container/QueryBuilder/components/RunQueryBtn/RunQueryBtn';
 import DateTimeSelectionV2 from 'container/TopNav/DateTimeSelectionV2';
 import {
 	CustomTimeType,
 	Time,
 } from 'container/TopNav/DateTimeSelectionV2/types';
-import { useQueryBuilder } from 'hooks/queryBuilder/useQueryBuilder';
-import { GetMetricQueryRange } from 'lib/dashboard/getQueryResults';
-import { isArray } from 'lodash-es';
-import {
-	ChevronDown,
-	ChevronLeft,
-	ChevronRight,
-	LoaderCircle,
-} from '@signozhq/icons';
-import { IBuilderQuery } from 'types/api/queryBuilder/queryBuilderData';
+import { ChevronDown, ChevronRight } from '@signozhq/icons';
+import { useQueryState } from 'nuqs';
 import { DataSource } from 'types/common/queryBuilder';
+import { parseAsJsonNoValidate } from 'utils/nuqsParsers';
+import { validateQuery } from 'utils/queryValidationUtils';
 
-import {
-	EntityDetailsEmptyContainer,
-	getEntityEventsOrLogsQueryPayload,
-	QUERY_KEYS,
-} from '../utils';
+import EntityEmptyState from '../EntityEmptyState/EntityEmptyState';
+import EntityError from '../EntityError/EntityError';
+import { EventContents } from './EventsContent';
+import EventsNotConfigured from './EventsNotConfigured';
+import { K8S_ENTITY_EVENTS_EXPRESSION_KEY, useEntityEvents } from './hooks';
+import { getEntityEventsQueryPayload, isEventsKeyNotFoundError } from './utils';
 
-import './entityEvents.styles.scss';
+import styles from './EntityEvents.module.scss';
 
 interface EventDataType {
 	key: string;
 	timestamp: string;
 	body: string;
 	id: string;
-	attributes_bool?: Record<string, boolean>;
-	attributes_number?: Record<string, number>;
+	severity: string;
 	attributes_string?: Record<string, string>;
 	resources_string?: Record<string, string>;
-	scope_name?: string;
-	scope_string?: Record<string, string>;
-	scope_version?: string;
-	severity_number?: number;
-	severity_text?: string;
-	span_id?: string;
-	trace_flags?: number;
-	trace_id?: string;
-	severity?: string;
 }
 
-interface IEntityEventsProps {
+interface Props {
 	timeRange: {
 		startTime: number;
 		endTime: number;
 	};
-	handleChangeEventFilters: (
-		filters: IBuilderQuery['filters'],
-		view: VIEWS,
-	) => void;
-	filters: IBuilderQuery['filters'];
 	isModalTimeSelection: boolean;
 	handleTimeChange: (
 		interval: Time | CustomTimeType,
 		dateTimeRange?: [number, number],
 	) => void;
 	selectedInterval: Time;
-	category: InfraMonitoringEntity;
 	queryKey: string;
+	category: InfraMonitoringEntity;
+	initialExpression: string;
 }
 
-const EventsPageSize = 10;
+const PAGE_SIZE_OPTIONS = [10, 20, 50];
 
-export default function Events({
+const handleExpandRow = (record: EventDataType): JSX.Element => (
+	<EventContents
+		data={{ ...record.attributes_string, ...record.resources_string }}
+	/>
+);
+
+function EntityEventsContent({
 	timeRange,
-	handleChangeEventFilters,
-	filters,
 	isModalTimeSelection,
 	handleTimeChange,
 	selectedInterval,
-	category,
 	queryKey,
-}: IEntityEventsProps): JSX.Element {
-	const { currentQuery } = useQueryBuilder();
+	category,
+}: Omit<Props, 'initialExpression'>): JSX.Element {
+	const expression = useExpression();
+	const inputExpression = useInputExpression();
+	const userExpression = useUserExpression();
+	const initialExpression = useInitialExpression();
+	const querySearchOnChange = useQuerySearchOnChange();
+	const querySearchOnRun = useQuerySearchOnRun();
+	const querySearchInitialExpressionProp = useQuerySearchInitialExpressionProp();
 
-	const [formattedEntityEvents, setFormattedEntityEvents] = useState<
-		EventDataType[]
-	>([]);
-
-	const [hasReachedEndOfEvents, setHasReachedEndOfEvents] = useState(false);
-
-	const [page, setPage] = useState(1);
-
-	const updatedCurrentQuery = useMemo(
-		() => ({
-			...currentQuery,
-			builder: {
-				...currentQuery.builder,
-				queryData: [
-					{
-						...currentQuery.builder.queryData[0],
-						dataSource: DataSource.LOGS,
-						aggregateOperator: 'noop',
-						aggregateAttribute: {
-							...currentQuery.builder.queryData[0].aggregateAttribute,
-						},
-						filters: {
-							items: filters?.items?.filter(
-								(item) =>
-									item.key?.key !== QUERY_KEYS.K8S_OBJECT_KIND &&
-									item.key?.key !== QUERY_KEYS.K8S_OBJECT_NAME,
-							),
-							op: 'AND',
-						},
-					},
-				],
-			},
-		}),
-		[currentQuery, filters],
+	const [pagination, setPagination] = useQueryState(
+		'eventsPagination',
+		parseAsJsonNoValidate<{ offset: number; limit: number }>(),
 	);
 
-	const query = updatedCurrentQuery?.builder?.queryData[0] || null;
-
-	const queryPayload = useMemo(() => {
-		const basePayload = getEntityEventsOrLogsQueryPayload(
-			timeRange.startTime,
-			timeRange.endTime,
-			filters,
-		);
-
-		basePayload.query.builder.queryData[0].pageSize = INITIAL_PAGE_SIZE;
-		basePayload.query.builder.queryData[0].offset =
-			(page - 1) * INITIAL_PAGE_SIZE;
-		basePayload.query.builder.queryData[0].orderBy = [
-			{ columnName: 'timestamp', order: ORDERBY_FILTERS.DESC },
-			{ columnName: 'id', order: ORDERBY_FILTERS.DESC },
-		];
-
-		return basePayload;
-	}, [timeRange.startTime, timeRange.endTime, filters, page]);
+	const pageSize = pagination?.limit || PAGE_SIZE_OPTIONS[0];
+	const offset = pagination?.offset || 0;
 
 	const {
-		data: eventsData,
+		events,
 		isLoading,
 		isFetching,
 		isError,
-	} = useQuery({
-		queryKey: [queryKey, timeRange.startTime, timeRange.endTime, filters, page],
-		queryFn: () => GetMetricQueryRange(queryPayload, DEFAULT_ENTITY_VERSION),
-		enabled: !!queryPayload,
+		error,
+		currentCount,
+		hasMore,
+		refetch,
+		cancel,
+	} = useEntityEvents({
+		queryKey,
+		timeRange,
+		expression,
+		offset,
+		pageSize,
 	});
 
+	const handleRunQuery = useCallback(
+		(updatedExpression?: string): void => {
+			const newUserExpression = updatedExpression
+				? getUserExpressionFromCombined(initialExpression, updatedExpression)
+				: inputExpression;
+			const validation = validateQuery(
+				initialExpression
+					? combineInitialAndUserExpression(initialExpression, newUserExpression)
+					: newUserExpression || '',
+			);
+			if (validation.isValid) {
+				querySearchOnRun(newUserExpression || '');
+
+				logEvent(InfraMonitoringEvents.FilterApplied, {
+					entity: InfraMonitoringEvents.K8sEntity,
+					page: InfraMonitoringEvents.DetailedPage,
+					category,
+					view: InfraMonitoringEvents.EventsView,
+				});
+
+				refetch();
+			}
+		},
+		[inputExpression, initialExpression, refetch, querySearchOnRun, category],
+	);
+
+	const queryData = useMemo(
+		() =>
+			getEntityEventsQueryPayload({
+				start: timeRange.startTime,
+				end: timeRange.endTime,
+				expression: userExpression || '',
+			}).queryData,
+		[timeRange.startTime, timeRange.endTime, userExpression],
+	);
+
+	const formattedEvents = useMemo<EventDataType[]>(
+		() =>
+			events.map((event) => ({
+				key: event.data.id,
+				id: event.data.id,
+				timestamp: event.timestamp,
+				body: event.data.body,
+				severity: event.data.severity_text,
+				attributes_string: event.data.attributes_string,
+				resources_string: event.data.resources_string,
+			})),
+		[events],
+	);
+
 	const columns: TableColumnsType<EventDataType> = [
 		{ title: 'Severity', dataIndex: 'severity', key: 'severity', width: 100 },
 		{
 			title: 'Timestamp',
 			dataIndex: 'timestamp',
-			width: 200,
+			width: 240,
 			ellipsis: true,
 			key: 'timestamp',
 		},
 		{ title: 'Body', dataIndex: 'body', key: 'body' },
 	];
 
-	useEffect(() => {
-		if (eventsData?.payload?.data?.newResult?.data?.result) {
-			const responsePayload =
-				eventsData?.payload.data.newResult.data.result[0].list || [];
-
-			const formattedData = responsePayload?.map(
-				(event): EventDataType => ({
-					timestamp: event.timestamp,
-					severity: event.data.severity_text,
-					body: event.data.body,
-					id: event.data.id,
-					key: event.data.id,
-					resources_string: event.data.resources_string,
-					attributes_string: event.data.attributes_string,
-				}),
-			);
-
-			setFormattedEntityEvents(formattedData);
-
-			if (
-				!responsePayload ||
-				(responsePayload &&
-					isArray(responsePayload) &&
-					responsePayload.length < EventsPageSize)
-			) {
-				setHasReachedEndOfEvents(true);
-			} else {
-				setHasReachedEndOfEvents(false);
-			}
-		}
-	}, [eventsData]);
-
-	const handleExpandRow = (record: EventDataType): JSX.Element => (
-		<EventContents
-			data={{ ...record.attributes_string, ...record.resources_string }}
-		/>
-	);
-
-	const handlePrev = (): void => {
-		if (!formattedEntityEvents.length) {
-			return;
-		}
-		setPage(page - 1);
-	};
-
-	const handleNext = (): void => {
-		if (!formattedEntityEvents.length) {
-			return;
-		}
-		setPage(page + 1);
-	};
-
 	const handleExpandRowIcon = ({
 		expanded,
 		onExpand,
@@ -232,39 +190,36 @@ export default function Events({
 			e: React.MouseEvent<HTMLElement, MouseEvent>,
 		) => void;
 		record: EventDataType;
-	}): JSX.Element =>
-		expanded ? (
-			<ChevronDown
-				className="periscope-btn-icon"
-				size={14}
-				onClick={(e): void =>
-					onExpand(record, e as unknown as React.MouseEvent<HTMLElement, MouseEvent>)
-				}
-			/>
+	}): JSX.Element => {
+		const handleClick = (e: React.MouseEvent<SVGSVGElement>): void => {
+			onExpand(record, e as unknown as React.MouseEvent<HTMLElement, MouseEvent>);
+		};
+
+		return expanded ? (
+			<ChevronDown className={styles.expandIcon} size={14} onClick={handleClick} />
 		) : (
 			<ChevronRight
-				className="periscope-btn-icon"
+				className={styles.expandIcon}
 				size={14}
-				// eslint-disable-next-line sonarjs/no-identical-functions
-				onClick={(e): void =>
-					onExpand(record, e as unknown as React.MouseEvent<HTMLElement, MouseEvent>)
-				}
+				onClick={handleClick}
 			/>
 		);
+	};
+
+	useEffect(() => {
+		return (): void => {
+			void setPagination(null);
+		};
+	}, [setPagination]);
+
+	const isDataEmpty =
+		!isLoading && !isFetching && !isError && formattedEvents.length === 0;
+	const hasAdditionalFilters = !!userExpression?.trim();
 
 	return (
-		<div className="entity-events-container">
-			<div className="entity-events-header">
-				<div className="filter-section">
-					{query && (
-						<QueryBuilderSearch
-							query={query as IBuilderQuery}
-							onChange={(value): void => handleChangeEventFilters(value, VIEWS.EVENTS)}
-							disableNavigationShortcuts
-						/>
-					)}
-				</div>
-				<div className="datetime-section">
+		<div className={styles.container}>
+			<div className={styles.filterContainer}>
+				<div className={styles.filterContainerTime}>
 					<DateTimeSelectionV2
 						showAutoRefresh
 						showRefreshText={false}
@@ -276,67 +231,95 @@ export default function Events({
 						modalInitialStartTime={timeRange.startTime * 1000}
 						modalInitialEndTime={timeRange.endTime * 1000}
 					/>
+
+					<RunQueryBtn
+						isLoadingQueries={isFetching}
+						onStageRunQuery={(): void => handleRunQuery()}
+						handleCancelQuery={cancel}
+					/>
+				</div>
+
+				<div className={styles.filterQuerySearch}>
+					<QuerySearch
+						onChange={querySearchOnChange}
+						queryData={queryData}
+						dataSource={DataSource.LOGS}
+						onRun={handleRunQuery}
+						initialExpression={querySearchInitialExpressionProp}
+					/>
 				</div>
 			</div>
 
-			{isLoading && formattedEntityEvents.length === 0 && <LoadingContainer />}
+			{isLoading && formattedEvents.length === 0 && <LoadingContainer />}
 
-			{!isLoading && !isError && formattedEntityEvents.length === 0 && (
-				<EntityDetailsEmptyContainer category={category} view="events" />
+			{isDataEmpty && <EntityEmptyState hasFilters={hasAdditionalFilters} />}
+
+			{isError && !isLoading && isEventsKeyNotFoundError(error) && (
+				<EventsNotConfigured />
 			)}
 
-			{isError && !isLoading && <LogsError />}
+			{isError && !isLoading && !isEventsKeyNotFoundError(error) && (
+				<EntityError />
+			)}
 
-			{!isLoading && !isError && formattedEntityEvents.length > 0 && (
-				<div className="entity-events-list-container">
-					<div className="entity-events-list-card">
-						<Table<EventDataType>
-							loading={isLoading && page > 1}
-							columns={columns}
-							expandable={{
-								expandedRowRender: handleExpandRow,
-								rowExpandable: (record): boolean => record.body !== 'Not Expandable',
-								expandIcon: handleExpandRowIcon,
+			{!isLoading && !isError && formattedEvents.length > 0 && (
+				<div className={styles.eventsTable}>
+					<div className={styles.controls}>
+						<Controls
+							totalCount={hasMore ? currentCount + 1 : currentCount}
+							countPerPage={pageSize}
+							offset={offset}
+							perPageOptions={PAGE_SIZE_OPTIONS}
+							isLoading={isFetching}
+							handleNavigatePrevious={(): void => {
+								void setPagination({
+									offset: Math.max(0, offset - pageSize),
+									limit: pageSize,
+								});
+							}}
+							handleNavigateNext={(): void => {
+								void setPagination({
+									offset: offset + pageSize,
+									limit: pageSize,
+								});
+							}}
+							handleCountItemsPerPageChange={(value): void => {
+								void setPagination({
+									offset: 0,
+									limit: value,
+								});
 							}}
-							dataSource={formattedEntityEvents}
-							pagination={false}
-							rowKey={(record): string => record.id}
 						/>
 					</div>
-				</div>
-			)}
 
-			{!isError && formattedEntityEvents.length > 0 && (
-				<div className="entity-events-footer">
-					<Button
-						className="entity-events-footer-button periscope-btn ghost"
-						type="link"
-						onClick={handlePrev}
-						disabled={page === 1 || isFetching || isLoading}
-					>
-						{!isFetching && <ChevronLeft size={14} />}
-						Prev
-					</Button>
-
-					<Button
-						className="entity-events-footer-button periscope-btn ghost"
-						type="link"
-						onClick={handleNext}
-						disabled={hasReachedEndOfEvents || isFetching || isLoading}
-					>
-						Next
-						{!isFetching && <ChevronRight size={14} />}
-					</Button>
-
-					{(isFetching || isLoading) && (
-						<LoaderCircle
-							className="animate-spin"
-							size={16}
-							color={Color.BG_ROBIN_500}
-						/>
-					)}
+					<Table<EventDataType>
+						loading={isFetching && formattedEvents.length === 0}
+						columns={columns}
+						expandable={{
+							expandedRowRender: handleExpandRow,
+							rowExpandable: (record): boolean => record.body !== 'Not Expandable',
+							expandIcon: handleExpandRowIcon,
+						}}
+						dataSource={formattedEvents}
+						pagination={false}
+						rowKey={(record): string => record.id}
+					/>
 				</div>
 			)}
 		</div>
 	);
 }
+
+function EntityEvents({ initialExpression, ...rest }: Props): JSX.Element {
+	return (
+		<QuerySearchV2Provider
+			queryParamKey={K8S_ENTITY_EVENTS_EXPRESSION_KEY}
+			initialExpression={initialExpression}
+			persistOnUnmount
+		>
+			<EntityEventsContent {...rest} />
+		</QuerySearchV2Provider>
+	);
+}
+
+export default EntityEvents;

frontend/src/container/InfraMonitoringK8s/EntityDetailsUtils/EntityEvents/EventsContent.module.scss

@@ -1,4 +1,6 @@
 .eventContentContainer {
+	padding: var(--spacing-6);
+
 	:global(.ant-table) {
 		background: var(--l1-background);
 
@@ -14,20 +16,13 @@
 		}
 
 		:global(.ant-table-cell) {
-			border: 1px solid var(--l2-border);
+			border: 1px solid var(--l2-border) !important;
 		}
 
 		:global(.attribute-name .ant-btn:hover) {
 			background-color: transparent !important;
 		}
 
-		:global(.attribute-pin) {
-			cursor: pointer;
-			padding: 0;
-			vertical-align: middle;
-			text-align: center;
-		}
-
 		:global(.attribute-pin .log-attribute-pin) {
 			padding: 8px;
 			display: flex;

frontend/src/container/InfraMonitoringK8s/EntityDetailsUtils/EntityEvents/EventsContent.tsx

@@ -0,0 +1,52 @@
+import { useMemo } from 'react';
+import type { ColumnsType } from 'antd/lib/table';
+import { ResizeTable } from 'components/ResizeTable';
+import FieldRenderer from 'container/LogDetailedView/FieldRenderer';
+import { DataType } from 'container/LogDetailedView/TableView';
+
+import styles from './EventsContent.module.scss';
+
+export function EventContents({
+	data,
+}: {
+	data: Record<string, string> | undefined;
+}): JSX.Element {
+	const tableData = useMemo(
+		() =>
+			data ? Object.keys(data).map((key) => ({ key, value: data[key] })) : [],
+		[data],
+	);
+
+	const columns: ColumnsType<DataType> = [
+		{
+			title: 'Key',
+			dataIndex: 'key',
+			key: 'key',
+			width: 50,
+			align: 'left',
+			className: 'attribute-pin value-field-container',
+			render: (field: string): JSX.Element => <FieldRenderer field={field} />,
+		},
+		{
+			title: 'Value',
+			dataIndex: 'value',
+			key: 'value',
+			width: 50,
+			align: 'left',
+			ellipsis: true,
+			className: 'attribute-name',
+			render: (field: string): JSX.Element => <FieldRenderer field={field} />,
+		},
+	];
+
+	return (
+		<ResizeTable
+			columns={columns}
+			tableLayout="fixed"
+			dataSource={tableData}
+			pagination={false}
+			showHeader={false}
+			className={styles.eventContentContainer}
+		/>
+	);
+}

frontend/src/container/InfraMonitoringK8s/EntityDetailsUtils/EntityEvents/EventsNotConfigured.module.scss

@@ -0,0 +1,40 @@
+.container {
+	display: flex;
+	flex-direction: column;
+	justify-content: center;
+	align-items: center;
+	height: 240px;
+}
+
+.content {
+	display: flex;
+	flex-direction: column;
+	gap: 4px;
+	color: var(--muted-foreground);
+	font-size: 14px;
+	font-weight: 400;
+	line-height: 18px;
+	letter-spacing: -0.07px;
+}
+
+.icon {
+	height: 32px;
+	width: 32px;
+}
+
+.title {
+	font-weight: 600;
+}
+
+.learnMore {
+	display: flex;
+	align-items: center;
+	margin-top: 8px;
+	gap: 4px;
+	cursor: pointer;
+}
+
+.learnMoreText {
+	color: var(--text-robin-400);
+	font-weight: 500;
+}

frontend/src/container/InfraMonitoringK8s/EntityDetailsUtils/EntityEvents/EventsNotConfigured.tsx

@@ -0,0 +1,46 @@
+import { Typography } from '@signozhq/ui/typography';
+import { ArrowRight } from '@signozhq/icons';
+import { openInNewTab } from 'utils/navigation';
+
+import emptyStateUrl from '@/assets/Icons/emptyState.svg';
+
+import styles from './EventsNotConfigured.module.scss';
+
+const K8S_EVENTS_DOCS_URL =
+	'https://signoz.io/docs/infrastructure-monitoring/k8s-metrics/';
+
+export default function EventsNotConfigured(): JSX.Element {
+	const handleLearnMore = (): void => {
+		openInNewTab(K8S_EVENTS_DOCS_URL);
+	};
+
+	return (
+		<div className={styles.container}>
+			<div className={styles.content}>
+				<img src={emptyStateUrl} alt="not-configured" className={styles.icon} />
+				<Typography.Text>
+					<span className={styles.title}>No Kubernetes events received yet. </span>
+					To view events, enable the k8s events receiver in your OpenTelemetry
+					Collector.
+				</Typography.Text>
+
+				<div
+					className={styles.learnMore}
+					onClick={handleLearnMore}
+					role="button"
+					tabIndex={0}
+					onKeyDown={(e): void => {
+						if (e.key === 'Enter') {
+							handleLearnMore();
+						}
+					}}
+				>
+					<Typography.Link className={styles.learnMoreText}>
+						Learn how to configure
+					</Typography.Link>
+					<ArrowRight size={14} />
+				</div>
+			</div>
+		</div>
+	);
+}

frontend/src/container/InfraMonitoringK8s/EntityDetailsUtils/EntityEvents/__tests__/EntityEvents.test.tsx

@@ -1,348 +1,100 @@
-import { fireEvent, render, screen } from '@testing-library/react';
-import { initialQueriesMap } from 'constants/queryBuilder';
-import ROUTES from 'constants/routes';
+import { mockQueryRangeV5WithEventsResponse } from '__tests__/query_range_v5.util';
 import { InfraMonitoringEntity } from 'container/InfraMonitoringK8s/constants';
-import { Time } from 'container/TopNav/DateTimeSelectionV2/types';
-import * as useQueryBuilderHooks from 'hooks/queryBuilder/useQueryBuilder';
-import * as appContextHooks from 'providers/App/App';
-import { LicenseEvent } from 'types/api/licensesV3/getActive';
-import { DataTypes } from 'types/api/queryBuilder/queryAutocompleteResponse';
-import { IBuilderQuery } from 'types/api/queryBuilder/queryBuilderData';
-import { DataSource } from 'types/common/queryBuilder';
+import { NuqsTestingAdapter } from 'nuqs/adapters/testing';
+import { act, render, screen, waitFor } from 'tests/test-utils';
+import { QueryRangePayloadV5 } from 'types/api/v5/queryRange';
 
 import EntityEvents from '../EntityEvents';
+import { K8S_ENTITY_EVENTS_EXPRESSION_KEY } from '../hooks';
 
-jest.mock('container/TopNav/DateTimeSelectionV2', () => ({
+function verifyEntityEventsV5Request({
+	payload,
+	expectedOffset,
+	initialTimeRange,
+}: {
+	payload: QueryRangePayloadV5;
+	expectedOffset: number;
+	initialTimeRange?: { start: number; end: number };
+}): void {
+	const spec = payload.compositeQuery.queries[0]?.spec as {
+		offset?: number;
+		order?: Array<{ key: { name: string }; direction: string }>;
+	};
+	expect(spec.offset).toBe(expectedOffset);
+	if (initialTimeRange) {
+		expect(payload.start).toBe(initialTimeRange.start);
+		expect(payload.end).toBe(initialTimeRange.end);
+	}
+	const orderKeys = spec.order?.map((o) => o.key.name) ?? [];
+	expect(orderKeys).toContain('timestamp');
+}
+
+jest.mock('container/TopNav/DateTimeSelectionV2/index.tsx', () => ({
 	__esModule: true,
-	default: (): JSX.Element => (
-		<div data-testid="date-time-selection">Date Time</div>
+	default: ({
+		onTimeChange,
+	}: {
+		onTimeChange?: (interval: string, dateTimeRange?: [number, number]) => void;
+	}): JSX.Element => (
+		<button
+			type="button"
+			data-testid="mock-datetime-selection"
+			onClick={(): void => {
+				onTimeChange?.('5m');
+			}}
+		>
+			Select Time
+		</button>
 	),
 }));
 
-const mockUseQuery = jest.fn();
-jest.mock('react-query', () => ({
-	...jest.requireActual('react-query'),
-	useQuery: (queryKey: any, queryFn: any, options: any): any =>
-		mockUseQuery(queryKey, queryFn, options),
-}));
-
-jest.mock('react-router-dom', () => ({
-	...jest.requireActual('react-router-dom'),
-	useLocation: (): { pathname: string } => ({
-		pathname: `${process.env.FRONTEND_API_ENDPOINT}/${ROUTES.INFRASTRUCTURE_MONITORING_KUBERNETES}/`,
-	}),
-}));
-
-jest.spyOn(appContextHooks, 'useAppContext').mockReturnValue({
-	user: {
-		role: 'admin',
-	},
-	activeLicenseV3: {
-		event_queue: {
-			created_at: '0',
-			event: LicenseEvent.NO_EVENT,
-			scheduled_at: '0',
-			status: '',
-			updated_at: '0',
-		},
-		license: {
-			license_key: 'test-license-key',
-			license_type: 'trial',
-			org_id: 'test-org-id',
-			plan_id: 'test-plan-id',
-			plan_name: 'test-plan-name',
-			plan_type: 'trial',
-			plan_version: 'test-plan-version',
-		},
-	},
-} as any);
-
-const mockUseQueryBuilderData = {
-	handleRunQuery: jest.fn(),
-	stagedQuery: initialQueriesMap[DataSource.METRICS],
-	updateAllQueriesOperators: jest.fn(),
-	currentQuery: initialQueriesMap[DataSource.METRICS],
-	resetQuery: jest.fn(),
-	redirectWithQueryBuilderData: jest.fn(),
-	isStagedQueryUpdated: jest.fn(),
-	handleSetQueryData: jest.fn(),
-	handleSetFormulaData: jest.fn(),
-	handleSetQueryItemData: jest.fn(),
-	handleSetConfig: jest.fn(),
-	removeQueryBuilderEntityByIndex: jest.fn(),
-	removeQueryTypeItemByIndex: jest.fn(),
-	isDefaultQuery: jest.fn(),
-};
-
-jest.spyOn(useQueryBuilderHooks, 'useQueryBuilder').mockReturnValue({
-	...mockUseQueryBuilderData,
-} as any);
-
-const timeRange = {
-	startTime: 1718236800,
-	endTime: 1718236800,
-};
-
-const mockHandleChangeEventFilters = jest.fn();
-
-const mockFilters: IBuilderQuery['filters'] = {
-	items: [
-		{
-			id: 'pod-name',
-			key: {
-				id: 'pod-name',
-				dataType: DataTypes.String,
-				key: 'pod-name',
-				type: 'tag',
-				isIndexed: false,
-			},
-			op: '=',
-			value: 'pod-1',
-		},
-	],
-	op: 'and',
-};
-
-const isModalTimeSelection = false;
-const mockHandleTimeChange = jest.fn();
-const selectedInterval: Time = '1m';
-const category = InfraMonitoringEntity.PODS;
-const queryKey = 'pod-events';
-
-const mockEventsData = {
-	payload: {
-		data: {
-			newResult: {
-				data: {
-					result: [
-						{
-							list: [
-								{
-									timestamp: '2024-01-15T10:00:00Z',
-									data: {
-										id: 'event-1',
-										severity_text: 'INFO',
-										body: 'Test event 1',
-										resources_string: { 'pod.name': 'test-pod-1' },
-										attributes_string: { service: 'test-service' },
-									},
-								},
-								{
-									timestamp: '2024-01-15T10:01:00Z',
-									data: {
-										id: 'event-2',
-										severity_text: 'WARN',
-										body: 'Test event 2',
-										resources_string: { 'pod.name': 'test-pod-2' },
-										attributes_string: { service: 'test-service' },
-									},
-								},
-							],
-						},
-					],
-				},
-			},
-		},
-	},
-};
-
-const mockEmptyEventsData = {
-	payload: {
-		data: {
-			newResult: {
-				data: {
-					result: [
-						{
-							list: [],
-						},
-					],
-				},
-			},
-		},
-	},
-};
-
-const createMockEvent = (
-	id: string,
-	severity: string,
-	body: string,
-	podName: string,
-): any => ({
-	timestamp: `2024-01-15T10:${id.padStart(2, '0')}:00Z`,
-	data: {
-		id: `event-${id}`,
-		severity_text: severity,
-		body,
-		resources_string: { 'pod.name': podName },
-		attributes_string: { service: 'test-service' },
-	},
-});
-
-const createMockMoreEventsData = (): any => ({
-	payload: {
-		data: {
-			newResult: {
-				data: {
-					result: [
-						{
-							list: Array.from({ length: 11 }, (_, i) =>
-								createMockEvent(
-									String(i + 1),
-									['INFO', 'WARN', 'ERROR', 'DEBUG'][i % 4],
-									`Test event ${i + 1}`,
-									`test-pod-${i + 1}`,
-								),
-							),
-						},
-					],
-				},
-			},
-		},
-	},
-});
-
-const renderEntityEvents = (overrides = {}): any => {
-	const defaultProps = {
-		timeRange,
-		handleChangeEventFilters: mockHandleChangeEventFilters,
-		filters: mockFilters,
-		isModalTimeSelection,
-		handleTimeChange: mockHandleTimeChange,
-		selectedInterval,
-		category,
-		queryKey,
-		...overrides,
-	};
-
-	return render(
-		<EntityEvents
-			timeRange={defaultProps.timeRange}
-			handleChangeEventFilters={defaultProps.handleChangeEventFilters}
-			filters={defaultProps.filters}
-			isModalTimeSelection={defaultProps.isModalTimeSelection}
-			handleTimeChange={defaultProps.handleTimeChange}
-			selectedInterval={defaultProps.selectedInterval}
-			category={defaultProps.category}
-			queryKey={defaultProps.queryKey}
-		/>,
-	);
-};
-
 describe('EntityEvents', () => {
+	let capturedQueryRangePayloads: QueryRangePayloadV5[] = [];
+
 	beforeEach(() => {
-		jest.clearAllMocks();
-		mockUseQuery.mockReturnValue({
-			data: mockEventsData,
-			isLoading: false,
-			isError: false,
-			isFetching: false,
+		capturedQueryRangePayloads = [];
+		mockQueryRangeV5WithEventsResponse({
+			onReceiveRequest: async (req) => {
+				const body = (await req.json()) as QueryRangePayloadV5;
+				capturedQueryRangePayloads.push(body);
+				return {};
+			},
 		});
 	});
 
-	it('should render events list with data', () => {
-		renderEntityEvents();
-		expect(screen.getByText('Prev')).toBeInTheDocument();
-		expect(screen.getByText('Next')).toBeInTheDocument();
-		expect(screen.getByText('Test event 1')).toBeInTheDocument();
-		expect(screen.getByText('Test event 2')).toBeInTheDocument();
-		expect(screen.getByText('INFO')).toBeInTheDocument();
-		expect(screen.getByText('WARN')).toBeInTheDocument();
-	});
-
-	it('renders empty state when no events are found', () => {
-		mockUseQuery.mockReturnValue({
-			data: mockEmptyEventsData,
-			isLoading: false,
-			isError: false,
-			isFetching: false,
+	it('should use V5 API for fetching events', async () => {
+		act(() => {
+			render(
+				<NuqsTestingAdapter
+					searchParams={`${K8S_ENTITY_EVENTS_EXPRESSION_KEY}=k8s.pod.name+%3D+%22x%22`}
+				>
+					<EntityEvents
+						timeRange={{ startTime: 1, endTime: 2 }}
+						isModalTimeSelection={false}
+						handleTimeChange={jest.fn()}
+						selectedInterval="5m"
+						queryKey="test"
+						category={InfraMonitoringEntity.PODS}
+						initialExpression='k8s.pod.name = "x"'
+					/>
+				</NuqsTestingAdapter>,
+			);
 		});
 
-		renderEntityEvents();
-		expect(screen.getByText(/No events found for this pods/)).toBeInTheDocument();
-	});
-
-	it('renders loader when fetching events', () => {
-		mockUseQuery.mockReturnValue({
-			data: undefined,
-			isLoading: true,
-			isError: false,
-			isFetching: true,
+		await waitFor(() => {
+			expect(
+				screen.queryByText('pending_data_placeholder'),
+			).not.toBeInTheDocument();
 		});
 
-		renderEntityEvents();
-		expect(screen.getByTestId('loader')).toBeInTheDocument();
-	});
-
-	it('shows pagination controls when events are present', () => {
-		renderEntityEvents();
-		expect(screen.getByText('Prev')).toBeInTheDocument();
-		expect(screen.getByText('Next')).toBeInTheDocument();
-	});
-
-	it('disables Prev button on first page', () => {
-		renderEntityEvents();
-		const prevButton = screen.getByText('Prev').closest('button');
-		expect(prevButton).toBeDisabled();
-	});
-
-	it('enables Next button when more events are available', () => {
-		mockUseQuery.mockReturnValue({
-			data: createMockMoreEventsData(),
-			isLoading: false,
-			isError: false,
-			isFetching: false,
+		await waitFor(() => {
+			expect(capturedQueryRangePayloads).toHaveLength(1);
 		});
 
-		renderEntityEvents();
-		const nextButton = screen.getByText('Next').closest('button');
-		expect(nextButton).not.toBeDisabled();
-	});
-
-	it('navigates to next page when Next button is clicked', () => {
-		mockUseQuery.mockReturnValue({
-			data: createMockMoreEventsData(),
-			isLoading: false,
-			isError: false,
-			isFetching: false,
+		const firstPayload = capturedQueryRangePayloads[0];
+		verifyEntityEventsV5Request({
+			payload: firstPayload,
+			expectedOffset: 0,
 		});
-
-		renderEntityEvents();
-
-		const nextButton = screen.getByText('Next').closest('button');
-		expect(nextButton).not.toBeNull();
-		fireEvent.click(nextButton as Element);
-
-		const { calls } = mockUseQuery.mock;
-		const hasPage2Call = calls.some((call) => {
-			const { queryKey: callQueryKey } = call[0] || {};
-			return Array.isArray(callQueryKey) && callQueryKey.includes(2);
-		});
-		expect(hasPage2Call).toBe(true);
-	});
-
-	it('navigates to previous page when Prev button is clicked', () => {
-		mockUseQuery.mockReturnValue({
-			data: createMockMoreEventsData(),
-			isLoading: false,
-			isError: false,
-			isFetching: false,
-		});
-
-		renderEntityEvents();
-
-		const nextButton = screen.getByText('Next').closest('button');
-		expect(nextButton).not.toBeNull();
-		fireEvent.click(nextButton as Element);
-
-		const prevButton = screen.getByText('Prev').closest('button');
-		expect(prevButton).not.toBeNull();
-		fireEvent.click(prevButton as Element);
-
-		const { calls } = mockUseQuery.mock;
-		const hasPage1Call = calls.some((call) => {
-			const { queryKey: callQueryKey } = call[0] || {};
-			return Array.isArray(callQueryKey) && callQueryKey.includes(1);
-		});
-		expect(hasPage1Call).toBe(true);
 	});
 });

frontend/src/container/InfraMonitoringK8s/EntityDetailsUtils/EntityEvents/entityEvents.styles.scss

@@ -1,314 +0,0 @@
-// Events
-.entity-events-container {
-	margin-top: 1rem;
-
-	.filter-section {
-		flex: 1;
-
-		.ant-select-selector {
-			border-radius: 2px;
-			border: 1px solid var(--l1-border) !important;
-			background-color: var(--l3-background) !important;
-
-			input {
-				font-size: 12px;
-			}
-
-			.ant-tag .ant-typography {
-				font-size: 12px;
-			}
-		}
-	}
-
-	.entity-events-header {
-		display: flex;
-		justify-content: space-between;
-		gap: 8px;
-
-		padding: 12px;
-		border-radius: 3px;
-		border: 1px solid var(--l1-border);
-	}
-
-	.entity-events {
-		margin-top: 1rem;
-
-		.virtuoso-list {
-			overflow-y: hidden !important;
-
-			&::-webkit-scrollbar {
-				width: 0.3rem;
-				height: 0.3rem;
-			}
-
-			&::-webkit-scrollbar-track {
-				background: transparent;
-			}
-
-			&::-webkit-scrollbar-thumb {
-				background: var(--l3-background);
-			}
-
-			&::-webkit-scrollbar-thumb:hover {
-				background: var(--l3-background);
-			}
-
-			.ant-row {
-				width: fit-content;
-			}
-		}
-
-		.skeleton-container {
-			height: 100%;
-			padding: 16px;
-		}
-	}
-
-	.ant-table {
-		.ant-table-thead > tr > th {
-			padding: 12px;
-			font-weight: 500;
-			font-size: 12px;
-			line-height: 18px;
-
-			background: var(--card);
-			border-bottom: none;
-
-			color: var(--l2-foreground);
-			font-family: Inter;
-			font-size: 11px;
-			font-style: normal;
-			font-weight: 600;
-			line-height: 18px; /* 163.636% */
-			letter-spacing: 0.44px;
-			text-transform: uppercase;
-
-			&::before {
-				background-color: transparent;
-			}
-		}
-
-		.ant-table-thead > tr > th:has(.entityname-column-header) {
-			background: var(--l2-background);
-		}
-
-		.ant-table-cell {
-			padding: 12px;
-			font-size: 13px;
-			line-height: 20px;
-			color: var(--l1-foreground);
-			background: var(--card);
-			border-bottom: none;
-		}
-
-		.ant-table-cell:has(.entityname-column-value) {
-			background: var(--l2-background);
-		}
-
-		.entityname-column-value {
-			color: var(--l1-foreground);
-			font-family: 'Geist Mono';
-			font-style: normal;
-			font-weight: 600;
-			line-height: 20px; /* 142.857% */
-			letter-spacing: -0.07px;
-		}
-
-		.status-cell {
-			.active-tag {
-				color: var(--bg-forest-500);
-				padding: 4px 8px;
-				border-radius: 4px;
-				font-size: 12px;
-				font-weight: 500;
-			}
-		}
-
-		.progress-container {
-			.ant-progress-bg {
-				height: 8px !important;
-				border-radius: 4px;
-			}
-		}
-
-		.ant-table-tbody > tr:hover > td {
-			background: color-mix(in srgb, var(--l1-foreground) 4%, transparent);
-		}
-
-		.ant-table-cell:first-child {
-			text-align: justify;
-		}
-
-		.ant-table-cell:nth-child(2) {
-			padding-left: 16px;
-			padding-right: 16px;
-		}
-
-		.ant-table-cell:nth-child(n + 3) {
-			padding-right: 24px;
-		}
-
-		.column-header-right {
-			text-align: right;
-		}
-
-		.ant-table-tbody > tr > td {
-			border-bottom: none;
-		}
-
-		.ant-table-thead
-			> tr
-			> th:not(:last-child):not(.ant-table-selection-column):not(
-				.ant-table-row-expand-icon-cell
-			):not([colspan])::before {
-			background-color: transparent;
-		}
-
-		.ant-empty-normal {
-			visibility: hidden;
-		}
-	}
-
-	.ant-pagination {
-		position: fixed;
-		bottom: 0;
-		width: calc(100% - 54px);
-		background: var(--card);
-		padding: 16px;
-		margin: 0;
-
-		// this is to offset chat support icon till we improve the design
-		padding-right: 72px;
-
-		.ant-pagination-item {
-			border-radius: 4px;
-
-			&-active {
-				background: var(--primary-background);
-				border-color: var(--primary-background);
-
-				a {
-					color: var(--l1-foreground) !important;
-				}
-			}
-		}
-	}
-}
-
-.entity-events-list-container {
-	flex: 1;
-	height: calc(100vh - 300px) !important;
-	display: flex;
-	height: 100%;
-
-	.raw-log-content {
-		width: 100%;
-		text-wrap: inherit;
-		word-wrap: break-word;
-	}
-}
-
-.entity-events-list-card {
-	width: 100%;
-	margin-top: 12px;
-
-	.ant-table-wrapper {
-		height: 100%;
-		overflow-y: auto;
-
-		&::-webkit-scrollbar {
-			width: 0.3rem;
-			height: 0.3rem;
-		}
-
-		&::-webkit-scrollbar-track {
-			background: transparent;
-		}
-
-		&::-webkit-scrollbar-thumb {
-			background: var(--l3-background);
-		}
-
-		&::-webkit-scrollbar-thumb:hover {
-			background: var(--l3-background);
-		}
-
-		.ant-row {
-			width: fit-content;
-		}
-	}
-
-	.ant-card-body {
-		padding: 0;
-
-		height: 100%;
-		width: 100%;
-	}
-}
-
-.logs-loading-skeleton {
-	display: flex;
-	flex-direction: column;
-	align-items: center;
-	justify-content: center;
-	gap: 8px;
-	padding: 8px 0;
-
-	.ant-skeleton-input-sm {
-		height: 18px;
-	}
-}
-
-.no-logs-found {
-	height: 50vh;
-	width: 100%;
-	display: flex;
-	justify-content: center;
-	align-items: center;
-
-	padding: 24px;
-	box-sizing: border-box;
-
-	.ant-typography {
-		display: flex;
-		align-items: center;
-		gap: 16px;
-	}
-}
-
-.entity-events-footer {
-	display: flex;
-	justify-content: flex-end;
-	align-items: center;
-	gap: 8px;
-	padding: 8px 16px 8px 16px;
-	position: absolute;
-	bottom: 0;
-	right: 0;
-	width: 100%;
-
-	border-radius: 0px 0px 3px 3px;
-	border-top: 1px solid var(--l1-border);
-	background: var(--l3-background);
-	box-sizing: border-box;
-
-	.ant-btn {
-		color: var(--l1-foreground);
-		font-size: 12px;
-		font-style: normal;
-		font-weight: 400;
-		line-height: 20px; /* 142.857% */
-		letter-spacing: -0.07px;
-	}
-
-	.periscope-btn {
-		&.gentity {
-			border: none;
-			background: transparent;
-		}
-	}
-}
-
-.periscope-btn-icon {
-	cursor: pointer;
-}

frontend/src/container/InfraMonitoringK8s/EntityDetailsUtils/EntityEvents/hooks.ts

@@ -0,0 +1,122 @@
+import { useCallback, useMemo } from 'react';
+import { useQuery, useQueryClient } from 'react-query';
+import { ENTITY_VERSION_V5 } from 'constants/app';
+import { REACT_QUERY_KEY } from 'constants/reactQueryKeys';
+import { GetMetricQueryRange } from 'lib/dashboard/getQueryResults';
+
+import { getEntityEventsQueryPayload } from './utils';
+
+export const K8S_ENTITY_EVENTS_EXPRESSION_KEY = 'k8sEntityEventsExpression';
+
+export interface EventRowData {
+	id: string;
+	body: string;
+	severity_text: string;
+	attributes_string?: Record<string, string>;
+	resources_string?: Record<string, string>;
+}
+
+export interface EventRow {
+	timestamp: string;
+	data: EventRowData;
+}
+
+export function useEntityEvents({
+	queryKey,
+	timeRange,
+	expression,
+	offset = 0,
+	pageSize = 10,
+}: {
+	queryKey: string;
+	timeRange: { startTime: number; endTime: number };
+	expression: string;
+	offset?: number;
+	pageSize?: number;
+}): {
+	events: EventRow[];
+	isLoading: boolean;
+	isFetching: boolean;
+	isError: boolean;
+	error?: unknown;
+	currentCount: number;
+	hasMore: boolean;
+	refetch: () => void;
+	cancel: () => void;
+	reactQueryKey: unknown[];
+} {
+	const reactQueryKey = useMemo(
+		() => [
+			// TODO: remove AUTO_REFRESH_QUERY when migrating to date time selection v3
+			REACT_QUERY_KEY.AUTO_REFRESH_QUERY,
+			queryKey,
+			timeRange.startTime,
+			timeRange.endTime,
+			expression,
+			offset,
+			pageSize,
+		],
+		[
+			queryKey,
+			timeRange.startTime,
+			timeRange.endTime,
+			expression,
+			offset,
+			pageSize,
+		],
+	);
+
+	const { data, isLoading, isFetching, isError, error, refetch } = useQuery({
+		queryKey: reactQueryKey,
+		queryFn: async ({ signal }) => {
+			const { query } = getEntityEventsQueryPayload({
+				start: timeRange.startTime,
+				end: timeRange.endTime,
+				expression,
+				offset,
+				pageSize,
+			});
+			return GetMetricQueryRange(query, ENTITY_VERSION_V5, undefined, signal);
+		},
+		enabled: !!expression?.trim(),
+	});
+
+	const result = data?.payload?.data?.newResult?.data?.result?.[0];
+
+	const events = useMemo<EventRow[]>(() => {
+		const list = result?.list;
+		if (!list) {
+			return [];
+		}
+
+		return list.map((item) => ({
+			data: item.data as EventRowData,
+			timestamp: item.timestamp,
+		}));
+	}, [result?.list]);
+
+	const currentCount = result?.list?.length || 0;
+
+	const hasMore = !!result?.nextCursor || currentCount >= pageSize;
+
+	const queryClient = useQueryClient();
+
+	const cancel = useCallback(() => {
+		void queryClient.cancelQueries({
+			queryKey: reactQueryKey,
+		});
+	}, [queryClient, reactQueryKey]);
+
+	return {
+		events,
+		isLoading,
+		isFetching,
+		isError,
+		error,
+		currentCount,
+		hasMore,
+		refetch,
+		cancel,
+		reactQueryKey,
+	};
+}